NotCVE-2024-0002 – AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%
https://notcve.org/view.php?id=NotCVE-2024-0002
03 Jan 2025 — A vulnerability exists in the Linux kernel's Address Space Layout Randomization (ASLR) implementation affecting AMD Bulldozer (Family 15h) processors. To mitigate cache aliasing penalties, certain memory-mapped objects, including the Virtual Dynamic Shared Object (VDSO) and shared libraries, are assigned memory addresses with bits 12 through 14 set to zero, effectively reducing entropy by 87.5%. This reduction significantly weakens ASLR's effectiveness, making systems more susceptible to exploitation. The i... • https://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html • CWE-331: Insufficient Entropy •
NotCVE-2024-0001 – Linux ASLR Weakness: Improper Bit-Mask Manipulation Reducing mmap Entropy by Half
https://notcve.org/view.php?id=NotCVE-2024-0001
03 Jan 2025 — A flaw in the Linux kernel's Address Space Layout Randomization (ASLR) implementation affects certain architectures, including PowerPC, Sparc64, and ARM. Due to improper bit-mask manipulation during the randomization of the mmap base address, the entropy is reduced by half, decreasing from 18 bits to 17 bits. This reduction significantly lowers the effectiveness of ASLR, making it easier for attackers to predict memory allocation and potentially exploit vulnerabilities that rely on memory address randomizat... • https://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html • CWE-331: Insufficient Entropy •
CVE-2014-1226
https://notcve.org/view.php?id=CVE-2014-1226
06 Apr 2018 — The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876. • http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-4484 – Cryptsetup 2:1.7.3-2 Root Initramfs Shell
https://notcve.org/view.php?id=CVE-2016-4484
16 Nov 2016 — The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log-in attempts with an invalid password. A vulnerability in Cryptsetup, concretely in the scripts that unlock the system part... • http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html • CWE-287: Improper Authentication •
CVE-2016-3672 – Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
https://notcve.org/view.php?id=CVE-2016-3672
07 Apr 2016 — The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. • http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis • CWE-254: 7PK - Security Features CWE-341: Predictable from Observable State •
CVE-2015-8370 – grub2: buffer overflow when checking password entered during bootup
https://notcve.org/view.php?id=CVE-2015-8370
15 Dec 2015 — Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. • http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-264: Permissions, Privileges, and Access Controls CWE-787: Out-of-bounds Write •
CVE-2015-8777 – glibc: LD_POINTER_GUARD in the environment is not sanitized
https://notcve.org/view.php?id=CVE-2015-8777
26 May 2015 — The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. It was foun... • http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html • CWE-254: 7PK - Security Features •
CVE-2015-1593 – kernel: Linux stack ASLR implementation Integer overflow
https://notcve.org/view.php?id=CVE-2015-1593
16 Feb 2015 — The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. • http://hmarco.org/bugs/linux-ASLR-integer-overflow.html • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-1574 – Google Email 4.4.2.0200 Denial of Service
https://notcve.org/view.php?id=CVE-2015-1574
13 Feb 2015 — The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message. A bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can ... • http://hmarco.org/bugs/google_email_app_4.2.2_denial_of_service.html • CWE-19: Data Processing Errors •
CVE-2013-6876 – s3dvt Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-6876
02 Jun 2014 — The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allow local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed. • http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html • CWE-264: Permissions, Privileges, and Access Controls •