The Microsoft Windows kernel suffers from multiple security issues in the key replication feature of registry virtualization.
c3387e7bd189cc7e8d8449ad27e2b524a0fc939d2cc467c5961cc148cdbb9019The Microsoft Windows kernel suffers from a use-after-free vulnerability due to a dangling registry link node under paged pool memory pressure.
54ec3add551cac7b508b2e8157d5a658c016115390f2b327d14cac78af270263Microsoft Windows suffers from a kernel memory corruption due to an insufficient handling of predefined keys in registry virtualization.
ded3419927998aaa3da4fea3f80263227d729920c448e2a3cf6f50b41f8c867dThis Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
ddab5b3975fc82e2a23c5e4e05a57af4893abfbc613df02d507c1013c62dc088If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn't be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with a valid fd table entry pointing to a freed file object. The authors use this bug to overwrite a SUID binary with their payload and gain root. Linux kernel versions 4.14-rc1 - 5.17-rc1 are vulnerable. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
6360a81de99a383330c5955ece5414f2f3b254143f1a5b9246e669769aa929fcUbuntu Security Notice 5832-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
b242d051794285ce6fb5ea0e2560337d6d70a05108712a3794e5a8724e9960afRed Hat Security Advisory 2023-0536-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
db3cdec09f4fa18614ad2c2f7b915eebef7167898fe789825310fcf2d185841aRed Hat Security Advisory 2023-0526-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
a38173ffd4c1a32200dc9063832772ab2a903e6b329d709b48733bc7df9b1460Red Hat Security Advisory 2023-0499-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
cafa34e9b6e6e20e9552a755d2013ce9af4b6ec3fae928e0d9abcbb8e4ef86b0Red Hat Security Advisory 2023-0531-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
22527e33a39753d9ca8e1cd40f6302accc7bc0a0f8eab2e69c0314c187fceb7aRed Hat Security Advisory 2023-0512-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
85e09cd648a01d2be4fcd737a932ab51119e4a46973a05fdee1b8ba61ab676bfRed Hat Security Advisory 2023-0496-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
db4252aa399689acdb60e9f13777e05c13736baaa1aba4f5db8ffd87de043f8bUbuntu Security Notice 5831-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
b293ed3b171badbd869822b922ca5fe2bc5f7cdd18d474068ad2b6b97a51bc5fUbuntu Security Notice 5830-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
6e68f50f18b8299b6053e750db628304a61fb6f1ccf4186312d8814b9ac32cfdUbuntu Security Notice 5829-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
aad823e9a2aa345a90ba89b0bbadac4b45a7aad04940b487e28febdc9f15b3ffRed Hat Security Advisory 2023-0441-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
1ef43e0486be0b0305bdb8cfdf52cf102a0385d5854e738957bb3bd2fcc93734Red Hat Security Advisory 2023-0440-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
6d75623fe8f38f20905f3965079441cf9e0ae8889a9f0bcebf5cba22336718ccRed Hat Security Advisory 2023-0399-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
63284cf94e890ed594cb0c8f100abafc4d137cb3943d7cb99a68b986a4e72f64Red Hat Security Advisory 2023-0404-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
8c89f5af23a52db2aa4917eb8d0374bdf826764172f0edbab57db3effd87596bRed Hat Security Advisory 2023-0400-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
268642b2621ea55896ecf2b849998230c27b737e5f55044b2de389e89231051eRed Hat Security Advisory 2023-0432-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds read vulnerability.
3e3a0b366e2b42cf9eb338b1c1861a10ed5f9565f19a5df98afc59f5dc528ffcRed Hat Security Advisory 2023-0396-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
0bfb098f3f7e0bb25a209a1c544f316b74d9e3292093f35d99b3e2e3eb6eb962Red Hat Security Advisory 2023-0395-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
81e2f82868d70a3c953a085f97b8fc784dccff11dc978225a0f18cd3027e8aadRed Hat Security Advisory 2023-0392-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
dc4638f3b1a3a61d8746a1bef86ca86ce3c2a307cadfb6c2950ccfdb9824f50dDebian Linux Security Advisory 5324-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
4738a5dd5b6f53a56ab15c9bc642f4b021b4a873119259aea80dd67e167ed354
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed