An incorrect searching algorithm in fastrpc_mmap_find can lead to kernel address space information leaks.
46fa1c601050810eb66a262de97a8b9a9dbe879e08b68141820f5aeffa5d1da5There appears to be some (possibly deprecated) code associated with AF_QIPCRTR sockets in bpf_service.c. Within this file are some ioctl handlers - e.g. qrtr_bpf_filter_attach and qrtr_bpf_filter_detach. In the case of qrtr_bpf_filter_detach, the global pointer bpf_filter is fetched and freed while only holding a socket lock (and an irrelevant rcu_read_lock) - this may lead directly to double frees or use-after-free (kernel memory corruption) if a malicious user is able to call the QRTR_DETTACH_BPF ioctl on multiple AF_QIPCRTR sockets at once. Based on Android SELinux files, it appears this may be possible from some lower-privileged vendor and HAL services.
9a1258e6adb1b608d6d8bf4e2c0f15fb713920d26890f57e49ad4ff67b1e99c1Ubuntu Security Notice 7021-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f5bd65d2898e9829d211a6a95b234a34eb25f17b8ac37caf94966dce73810534Ubuntu Security Notice 7022-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
5e2869f9ed921d462e17d616b733317644fb32d561e9fc36d17f1dbc09c8865dUbuntu Security Notice 7003-5 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
e57d853b0390f83094b938450c8016f8fb2162c14c9c0b034d166c25cbb6646aThis Metasploit module exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
6c56ce8217d90e114635700a314b8fcfb2c5a11cfda46c96a6c0e2d713c433bbRed Hat Security Advisory 2024-7227-03 - An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION.
2d02c4dd3bacd6665406806ff68dc32f360e99e13a4e9fe397da41fb32a6afa2Ubuntu Security Notice 7039-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
dfba7d8e80b84fb47dc725d81c166af93f650cff7e694ffb3bd882ed52b39a79Ubuntu Security Notice 7021-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
69d8a00cc33c644b5218146c25ae3a8c80c5889b997d63ea9e1c79f9b9d8e330Ubuntu Security Notice 7020-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f5bcc60a1714fa022b4b4445bed98eea0eebfc6ffb87470f6e025f80790de5abUbuntu Security Notice 7003-4 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
c85181693b4ae184acd8611269c3c7857764f26f86f84d4df3a4650c59c7d69dUbuntu Security Notice 7009-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
bc022d142c18a55625e63d62b56d8f76cf8e0a79f3f0ed802474777c8cbc4817Ubuntu Security Notice 7029-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
23a7a47e5cb2c5a81b2a75efe93b379e63edd93720e34aaa0c1769e34132c3afUbuntu Security Notice 7007-3 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
ef3c54a1054dde36cb3bb88462606dc7b4117a7ccefd9ff9d1de96a5c1e0b601Red Hat Security Advisory 2024-7005-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
049ea29d306ce724f6e68a6b58d0db1fc5041caf0f546850e8b5cfb9eea67cdfRed Hat Security Advisory 2024-7004-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
dc3c5d30a4d64e72060b5a6b6cfce530454c1575f7163536bc9e679266667939Red Hat Security Advisory 2024-7003-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.
f5f3623ce18bfedef1df3b35b648def4e5367dabeb77d024bd2af317d581f432Ubuntu Security Notice 7021-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
d463b70754ae77b8d76a2f63079f954ac5540780f82f494a64ef54d0fd4ac7efRed Hat Security Advisory 2024-7002-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, null pointer, and use-after-free vulnerabilities.
bcb30235b9540c6741f9560c01ee3d3305536ea741d3e392b5c83e04abb796e9Red Hat Security Advisory 2024-7001-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
4abd0d82b920844597f5aa769f5e49aa82f0cbb8742caff6613a263cc9d88a49Red Hat Security Advisory 2024-7000-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.
53d354261c2a0c5be90cb059a243925bae6464d534ce012db39e766e25d1ef23Red Hat Security Advisory 2024-6999-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
0cf6452182f2bc65944ffd9a887a4ae6534686e0af0e587aa9b7c77a693b7dbfRed Hat Security Advisory 2024-6998-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
c801e67008cdffe0e510771d127fca2789f5d49881b6ac66a7fa0dd3901bb3c1Red Hat Security Advisory 2024-6997-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include double free, null pointer, and use-after-free vulnerabilities.
2a331feba1c8a2e4acf84fa5d252ddd4ec8ca16d5e7cb39f7989c0080ff34edbRed Hat Security Advisory 2024-6995-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
9094b73441e9e3762364126944d52d5e81e16efce188a3b5c433646ed91975c6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed