exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2024-26603

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer was taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible. In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever. Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size). [ dhansen: tweak subject / changelog ]

Related Files

Ubuntu Security Notice USN-6895-4
Posted Aug 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52637, CVE-2023-52642, CVE-2023-52643, CVE-2023-52880, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26606
SHA-256 | 5abbf5bf5626f5254f4e45c8a2e156eed0e1819bb69d45b4255f18556cc62da1
Ubuntu Security Notice USN-6895-3
Posted Jul 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52637, CVE-2023-52638, CVE-2023-52643, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26600, CVE-2024-26601, CVE-2024-26602, CVE-2024-26603
SHA-256 | c2cdeb8147a5ff711973b3c8fee175db573062bd9897685481c20a336ce711eb
Ubuntu Security Notice USN-6900-1
Posted Jul 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6900-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52638, CVE-2023-52643, CVE-2023-52645, CVE-2023-52880, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26600, CVE-2024-26603, CVE-2024-26642
SHA-256 | e97da32f17a29fe4696411be940643a9db1b1d29119fc6286db6efced74e2225
Ubuntu Security Notice USN-6895-2
Posted Jul 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52637, CVE-2023-52638, CVE-2023-52643, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26601, CVE-2024-26602, CVE-2024-26603, CVE-2024-26642
SHA-256 | cb98f5e56d9db06a20eb3399970fe6e4dd6d1c03b16d42a3b8b246d6254a725f
Ubuntu Security Notice USN-6895-1
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52631, CVE-2023-52638, CVE-2023-52642, CVE-2023-52643, CVE-2023-52645, CVE-2023-6270, CVE-2024-0841, CVE-2024-1151, CVE-2024-23307, CVE-2024-24861, CVE-2024-26593, CVE-2024-26603, CVE-2024-26606, CVE-2024-26642
SHA-256 | 13204fe1d646093191f86b432d013bd53e9fab0b9ef81134435e8e12af260d6a
Ubuntu Security Notice USN-6821-4
Posted Jun 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6821-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52434, CVE-2023-52447, CVE-2023-52640, CVE-2023-52641, CVE-2023-52644, CVE-2023-52645, CVE-2023-52650, CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099, CVE-2024-26583, CVE-2024-26584, CVE-2024-26603
SHA-256 | 005197f93f9635a71a9d722ed30f7f10170a59d2fc5bf3241cc4fd1eef53f94e
Ubuntu Security Notice USN-6821-3
Posted Jun 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6821-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52434, CVE-2023-52447, CVE-2023-52620, CVE-2023-52640, CVE-2023-52641, CVE-2023-52645, CVE-2023-52650, CVE-2023-52662, CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099, CVE-2024-26583, CVE-2024-26603
SHA-256 | aae6b5f7c1a02571eceaa675caf0e3f9084a4a26a6ccfb4410f9c4ea33879bdd
Ubuntu Security Notice USN-6821-2
Posted Jun 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6821-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52434, CVE-2023-52447, CVE-2023-52620, CVE-2023-52640, CVE-2023-52641, CVE-2023-52645, CVE-2023-52650, CVE-2023-52662, CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099, CVE-2024-26583, CVE-2024-26603
SHA-256 | c0d502aabcbbf1e5adcf7965d701523eed1192f64932ac780a636cf8bf6e2746
Ubuntu Security Notice USN-6821-1
Posted Jun 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6821-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-52434, CVE-2023-52447, CVE-2023-52620, CVE-2023-52640, CVE-2023-52641, CVE-2023-52645, CVE-2023-52650, CVE-2023-52662, CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099, CVE-2024-26583, CVE-2024-26603
SHA-256 | 6bfa3dcb7b71737d5c685bfda62b611297eb2a3e245d5048438c44e66d077a4e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close