CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem
In June 2020, we received a Linux kernel submission detailing a reference-counting bug in the
…
performed in one system call. Linux kernel 5.6 has a flawed implementation of the IORING_OP_CLOSE
…
CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem
…
Vulnerability Linux kernel 5.1 introduced a new asynchronous I/O feature called io_uring. This
…
(@Ga_ryo_) of Flatt Security. We believe that the vulnerability affected the Linux kernel from version 5.6
…
ZDI-20-1440: An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier
…
In April 2020, the ZDI received a Linux kernel submission that turned out to be an incorrect
…
vulnerability affects the current Linux kernel long term version from 4.9 to 4.13. One particular distribution
…
Security bypasses the eBPF verification and can lead to out-of-bounds (OOB) access in the Linux kernel. The
…
eBPF verifier is a well-known source of Linux kernel local privilege escalation
…
CVE-2021-31440: An Incorrect Bounds Calculation in the Linux Kernel eBPF Verifier
…
In April 2021, the ZDI received a Linux kernel submission that turned out to be an incorrect bounds
…
particular bug bypassed the eBPF verification and resulted in an out-of-bounds (OOB) access in the Linux
…
kernel. The researcher exploited this bug and demonstrated a Kubernetes container escape. The patch
…
was recently released as CVE-2021-31440. Linux kernel versions from 5.7 and on were affected. The
…
Welcome to Pwn2Own 2017 - The Schedule
Desktop SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) welcomes Ubuntu Linux to Pwn2Own
…
with a Linux kernel heap out-of-bound access. They earned themselves $15,000 and 3 Master of Pwn points
…
The Results – Pwn2Own 2017 Day One
was welcomed to Pwn2Own by the Chaitin Security Research Lab. They leveraged a Linux kernel heap out
…
The Top 5 Bugs Submitted in 2021
-date patches. Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability eBPF
…
and fixed in this commit to the Linux kernel. The flaw is in the reasoning used by the eBPF compiler
…
Looking Back at the Bugs of 2022
video of these bugs in action: ZDI-22-1690: Linux Kernel This bug is the lone CVSS 10 advisory we
…
that putting an SMB server in a Linux kernel module is…problematic. ZDI-22-856: OPC UA .NET Standard
…
The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability
Linux kernel released a patch to address a denial-of-service condition that was caused by a UAF
…
MindShaRE: How to “Just Emulate It With QEMU”
QEMU we typically need the following things: -- A QEMU disk image file (qcow2) -- A Linux kernel image
…
hardware platform. The -append option lets you tweak the kernel options passed into the Linux
…
kernel. I like to put the QEMU command into a bash script to speed up the process of making adjustments
…
MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router
Linux-based and is running a very old Linux kernel. Figure 16 - Showing the Linux version To conserve
…
The August 2017 Security Update Review
(IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. Of these 48 CVEs
…
The September 2022 Security Update Review
Microsoft is producing patches for the Linux kernel boggles the mind. And, of course, it wouldn’t be a
…
Components; Windows Defender; and Linux Kernel (really). This is in addition to the 15 CVEs patched in
…
CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE
code (right) Interestingly, in 2012, the Linux kernel fixed a very similar issue in the handling of
…
RAW sockets - CVE-2012-6657 Kernel: net: guard tcp_set_keepalive against crash: Figure 9 - Linux
…
patch for CVE-2012-6657 Conclusion Historically, kernel privilege escalation vulnerabilities in ESXi
…
The September 2018 Security Update Review
was initially discovered in the Linux kernel TCP/IP implementation, but it clearly affects Windows as
…
CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification
Since version 3.15, the Linux kernel supports a general tracing feature called “extended Berkeley
…
CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification
…
improper input validation bug in the Linux kernel to go from a standard user to root. Manfred used this bug
…
The November 2022 Security Update Review
Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2022
…
; SysInternals; Visual Studio; SharePoint Server; Network Policy Server (NPS); Windows BitLocker; and Linux
…
Kernel and Open Source Software. This is in addition to five other CVEs from third parties being
…
MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja
mention a few of the more likely sinks: copy_to_user() in case of Linux kernel, copyout() in case of
…
The December 2022 Security Update Review
No EoP CVE-2022-44689 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege
…
CVE-2019-12643: Cisco IOS XE Authentication Bypass Vulnerability
platform through the use of Linux Virtual Containers (LXC) and virtual machines via Kernel-based Virtual
…
The January 2020 Security Update Review
, the Windows Kernel, and Microsoft Cryptographic Services. There are two security feature bypass
…
form. Affected components include the Windows Subsystem for Linux, the Update Notification Manager
…