Page 453 of 2727 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 22

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. En el kernel de Linux anterior a versión 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabación de las credenciales de un proceso que desea crear una relación de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relación de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). • https://www.exploit-db.com/exploits/47133 https://www.exploit-db.com/exploits/47163 https://www.exploit-db.com/exploits/50541 https://www.exploit-db.com/exploits/47543 https://github.com/jas502n/CVE-2019-13272 https://github.com/Cyc1eC/CVE-2019-13272 https://github.com/oneoy/CVE-2019-13272 https://github.com/polosec/CVE-2019-13272 https://github.com/MDS1GNAL/ptrace_scope-CVE-2019-13272-privilege-escalation https://github.com/datntsec/CVE-2019-13272 https://github • CWE-271: Privilege Dropping / Lowering Errors •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html https://arxiv.org/pdf/1906.10478.pdf https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92 https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92 https://lists.debian.org/debian-lts-announce/2019/07/msg00022&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. En el kernel de Linux anterior a versión 5.1.7, un atacante puede rastrear un dispositivo utilizando los valores ID de IP que el kernel produce para los protocolos sin conexión (por ejemplo, UDP e ICMP). Cuando dicho tráfico se envía a múltiples direcciones IP de destino, es posible obtener colisiones de hash (de índices en la matriz counter) y, de este modo, obtener la clave de hashing (mediante enumeración). • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/109092 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://arxiv.org/pdf/1906.10478.pdf https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. En arch/x86/lib/insn-eval.c en el kernel de Linux en versiones anteriores a la 5.1.9, hay un uso de memoria previamente liberada para acceder a una entrada LDT debido a una condición de carrera entre modify_ldt () y una excepción #BR para una violación de los límites de MPX. A vulnerability was found in the arch/x86/lib/insn-eval.c function in the Linux kernel. An attacker could corrupt the memory due to a flaw in use-after-free access to an LDT entry caused by a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugs.chromium.org/p/project-zero/issues/detail?id=1879 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. Una vulnerabilidad de desreferencia del puntero NULL en la función nfc_genl_deactivate_target() en net/nfc/netlink.c en el kernel de Linux antes de la versión 5.1.13 puede ser desencadenada por un programa malintencionado en modo de usuario que omite ciertos atributos NFC, lo que conduce a la denegación de servicio. • http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://www.securityfocus.com/bid/108905 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13 https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51 https://seclists.org/bugtraq/2019/Aug/13 https://security.netapp.com/advisory/ntap-20190806-0001 https://usn.ubuntu.com/4093-1 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4117-1 https://usn. • CWE-476: NULL Pointer Dereference •