CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem
In June 2020, we received a Linux kernel submission detailing a reference-counting bug in the performed in one system call. Linux kernel 5.6 has a flawed implementation of the IORING_OP_CLOSE CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem Vulnerability Linux kernel 5.1 introduced a new asynchronous I/O feature called io_uring. This (@Ga_ryo_) of Flatt Security. We believe that the vulnerability affected the Linux kernel from version 5.6
ZDI-20-1440: An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier
ZDI-20-1440: An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier In April 2020, the ZDI received a Linux kernel submission that turned out to be an incorrect vulnerability affects the current Linux kernel long term version from 4.9 to 4.13. One particular distribution Security bypasses the eBPF verification and can lead to out-of-bounds (OOB) access in the Linux kernel. The eBPF verifier is a well-known source of Linux kernel local privilege escalation
CVE-2021-31440: An Incorrect Bounds Calculation in the Linux Kernel eBPF Verifier
CVE-2021-31440: An Incorrect Bounds Calculation in the Linux Kernel eBPF Verifier In April 2021, the ZDI received a Linux kernel submission that turned out to be an incorrect bounds particular bug bypassed the eBPF verification and resulted in an out-of-bounds (OOB) access in the Linux kernel. The researcher exploited this bug and demonstrated a Kubernetes container escape. The patch was recently released as CVE-2021-31440 . Linux kernel versions from 5.7 and on were affected. The
Welcome to Pwn2Own 2017 - The Schedule
Desktop SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) welcomes Ubuntu Linux to Pwn2Own with a Linux kernel heap out-of-bound access. They earned themselves $15,000 and 3 Master of Pwn points
The Results – Pwn2Own 2017 Day One
was welcomed to Pwn2Own by the Chaitin Security Research Lab. They leveraged a Linux kernel heap out
The Top 5 Bugs Submitted in 2021
-date patches. Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability eBPF and fixed in this commit to the Linux kernel. The flaw is in the reasoning used by the eBPF compiler
Looking Back at the Bugs of 2022
video of these bugs in action: ZDI-22-1690: Linux Kernel This bug is the lone CVSS 10 advisory we that putting an SMB server in a Linux kernel module is…problematic. ZDI-22-856: OPC UA .NET Standard
The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability
Linux kernel released a patch to address a denial-of-service condition that was caused by a UAF
MindShaRE: How to “Just Emulate It With QEMU”
QEMU we typically need the following things: -- A QEMU disk image file (qcow2) -- A Linux kernel image hardware platform. The -append options lets you tweak the kernel options passed into the Linux kernel. I like to put the QEMU command into a bash script to speed up the process of making adjustments
MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router
Linux-based and is running a very old Linux kernel. Figure 16 - Showing the Linux version To conserve
The August 2017 Security Update Review
(IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. Of these 48 CVEs
Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI
boot partition contains the Android/Linux kernel version 3.18.24. · The dtb partition contains
The September 2022 Security Update Review
Microsoft is producing patches for the Linux kernel boggles the mind. And, of course, it wouldn’t be a Components; Windows Defender; and Linux Kernel (really). This is in addition to the 15 CVEs patched in
CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE
code (right) Interestingly, in 2012, the Linux kernel fixed a very similar issue in the handling of RAW sockets - CVE-2012-6657 Kernel: net: guard tcp_set_keepalive against crash: Figure 9 - Linux patch for CVE-2012-6657 Conclusion Historically, kernel privilege escalation vulnerabilities in ESXi
The September 2018 Security Update Review
was initially discovered in the Linux kernel TCP/IP implementation, but it clearly affects Windows as
CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification
Since version 3.15, the Linux kernel supports a general tracing feature called “extended Berkeley CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification improper input validation bug in the Linux kernel to go from a standard user to root. Manfred used this bug
The November 2022 Security Update Review
Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2022 ; SysInternals; Visual Studio; SharePoint Server; Network Policy Server (NPS); Windows BitLocker; and Linux Kernel and Open Source Software. This is in addition to five other CVEs from third parties being
Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System
archive of the entire root file system, • linux1 containing the Linux kernel 3.0.35, • ibc1 and ibc2
MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja
mention a few of the more likely sinks: copy_to_user() in case of Linux kernel, copyout() in case of
The December 2022 Security Update Review
No EoP CVE-2022-44689 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege
See more