Red Hat Security Advisory 2018-1062-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, randomization, and use-after-free vulnerabilities.
fbeade70a9a2b1fd9926eaf605a9a3afcda14c9b6e58abd7aae2926d31ecbaa9Red Hat Security Advisory 2018-0676-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, and use-after-free vulnerabilities.
760529e5784a4c45d323b6b90d60c38cfaa4a399d95492fd1f96c65cfeea827bQualys has released a large amount of research surrounding the use of stack clash vulnerabilities and how stack guard on Linux can be bypassed.
a388b77480d7ab1132bd2ce877ddcf881022854bdff22370446258252e109e37Debian Linux Security Advisory 3607-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
0d223b304d17753a1ce52094557c77094582be1a5339c862d34ee91a630a21d9Ubuntu Security Notice 3004-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
15260f2bae937ffefd89474b5d45b197be79a2c3c629d596664ff46374144290Ubuntu Security Notice 3003-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
5fed2838234a44d1730852206ba9626415e7a2b237d203c9b8f4f0a0ae120b95Ubuntu Security Notice 3002-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
6a304214d70136724253b137a128ced305938a2bcf77b7f57cc2fd2056cb00d0Ubuntu Security Notice 3001-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
cbd8722998ecacafce7f0e191f217dc2e6164d45016680a92f8639cf152856bfUbuntu Security Notice 3000-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
330259ee5fb5e92854cb2c2d2d644d62e3fa8b04b3260f39927986db6fab5b70Ubuntu Security Notice 2998-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
6ac8e40a1a58889071f681c070f97687fbc0499845baf46496f6035c2db81bc6Ubuntu Security Notice 2997-1 - Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
df656efbeccd8134a69d49e30b421956bddc01476d613d8b026317f4a3e41d03Ubuntu Security Notice 2996-1 - Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
06d71e9c2695629758cc867e221b01bf922a1b38f88de97259e83eb660611bfbUbuntu Security Notice 2989-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
176f40d6b9ca149610db188404fb65b5dd57970bcbf0fa0ce08d2db323c1cc4dUbuntu Security Notice 2965-4 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
b980b1fb461a05f96b89931ea8854c8fb764d3a6a3ea6ec9be99cb03392277a0Ubuntu Security Notice 2965-3 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
4e5b67ecd64a48a40bb846ae2b44ca9d5d6f5587e29332b9503dcdb6f3cc3bceUbuntu Security Notice 2965-1 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
962749c42e747d98bec1018a0419b51785f0f882d0fec9774fb21cb7fa004936Ubuntu Security Notice 2965-2 - USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Various other issues were also addressed.
6b52d036c57f1e7c2af2ead1821e8dddc36f23e6a3f79a1abfec9c19421a8b56A weakness in the Linux ASLR implementation has been addressed.
dc611674639e17d87db4bc8f7c419a93127da71cfb5a237027c9ffac55a2e504
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed