CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem
In June 2020, we received a Linux kernel submission detailing a reference-counting bug in the… performed in one system call. Linux kernel 5.6 has a flawed implementation of the IORING_OP_CLOSE…CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem… Vulnerability Linux kernel 5.1 introduced a new asynchronous I/O feature called io_uring. This… (@Ga_ryo_) of Flatt Security. We believe that the vulnerability affected the Linux kernel from version 5.6…
ZDI-20-1440: An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier
ZDI-20-1440: An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier…In April 2020, the ZDI received a Linux kernel submission that turned out to be an incorrect… vulnerability affects the current Linux kernel long term version from 4.9 to 4.13. One particular distribution… Security bypasses the eBPF verification and can lead to out-of-bounds (OOB) access in the Linux kernel. The… eBPF verifier is a well-known source of Linux kernel local privilege escalation…
CVE-2021-31440: An Incorrect Bounds Calculation in the Linux Kernel eBPF Verifier
CVE-2021-31440: An Incorrect Bounds Calculation in the Linux Kernel eBPF Verifier…In April 2021, the ZDI received a Linux kernel submission that turned out to be an incorrect bounds… particular bug bypassed the eBPF verification and resulted in an out-of-bounds (OOB) access in the Linux kernel. The researcher exploited this bug and demonstrated a Kubernetes container escape. The patch… was recently released as CVE-2021-31440. Linux kernel versions from 5.7 and on were affected. The…
Welcome to Pwn2Own 2017 - The Schedule
Desktop SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) welcomes Ubuntu Linux to Pwn2Own… with a Linux kernel heap out-of-bounds access. They earned themselves $15,000 and 3 Master of Pwn points…
The Results – Pwn2Own 2017 Day One
was welcomed to Pwn2Own by the Chaitin Security Research Lab. They leveraged a Linux kernel heap out…
The Top 5 Bugs Submitted in 2021
-date patches. Linux Kernel eBPF Improper Input Validation Privilege Escalation Vulnerability eBPF… and fixed in this commit to the Linux kernel. The flaw is in the reasoning used by the eBPF compiler…
Looking Back at the Bugs of 2022
video of these bugs in action: ZDI-22-1690: Linux Kernel This bug is the lone CVSS 10 advisory we… that putting an SMB server in a Linux kernel module is…problematic. ZDI-22-856: OPC UA .NET Standard…
The Left Branch Less Travelled: A Story of a Mozilla Firefox Use-After-Free Vulnerability
Linux kernel released a patch to address a denial-of-service condition that was caused by a UAF…
MindShaRE: How to “Just Emulate It With QEMU”
QEMU we typically need the following things: -- A QEMU disk image file (qcow2) -- A Linux kernel image… hardware platform. The -append option lets you tweak the kernel options passed into the Linux kernel. I like to put the QEMU command into a bash script to speed up the process of making adjustments…
MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router
Linux-based and is running a very old Linux kernel. Figure 16 - Showing the Linux version To conserve…
The August 2017 Security Update Review
(IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. Of these 48 CVEs…
Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI
boot partition contains the Android/Linux kernel version 3.18.24. · The dtb partition contains…
The September 2022 Security Update Review
Microsoft is producing patches for the Linux kernel boggles the mind. And, of course, it wouldn’t be a… Components; Windows Defender; and Linux Kernel (really). This is in addition to the 15 CVEs patched in…
CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE
code (right) Interestingly, in 2012, the Linux kernel fixed a very similar issue in the handling of… RAW sockets - CVE-2012-6657 Kernel: net: guard tcp_set_keepalive against crash: Figure 9 - Linux… patch for CVE-2012-6657 Conclusion Historically, kernel privilege escalation vulnerabilities in ESXi…
The September 2018 Security Update Review
was initially discovered in the Linux kernel TCP/IP implementation, but it clearly affects Windows as…
CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification
Since version 3.15, the Linux kernel supports a general tracing feature called “extended Berkeley…CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification… improper input validation bug in the Linux kernel to go from a standard user to root. Manfred used this bug…
The November 2022 Security Update Review
Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2022…; SysInternals; Visual Studio; SharePoint Server; Network Policy Server (NPS); Windows BitLocker; and Linux Kernel and Open Source Software. This is in addition to five other CVEs from third parties being…
Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System
archive of the entire root file system, • linux1 containing the Linux kernel 3.0.35, • ibc1 and ibc2…
MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja
mention a few of the more likely sinks: copy_to_user() in case of the Linux kernel, copyout() in case of…
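The sink named in the snippet above, copy_to_user(), is dangerous when the object it copies was only partially initialized. The following is an added, user-space model of that bug class beside its fix; it is not code from the MindShaRE post. The struct layout, the function names, and the 0x41 "stale stack" marker are all constructed for the example, and the padding byte count assumes a typical x86-64 or aarch64 ABI.

```c
/* Added example, not code from the ZDI post: a user-space model of an
 * uninitialized-memory disclosure through a copy_to_user()-style sink,
 * beside the memset() fix. Struct layout and names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 + 4 + 1 payload bytes; on x86-64/aarch64 ABIs sizeof is 12, so six
 * padding bytes are never written by any field assignment (assumption). */
struct reply {
    uint8_t  type;   /* offset 0, 3 padding bytes follow */
    uint32_t value;  /* offset 4 */
    uint8_t  flag;   /* offset 8, 3 padding bytes follow */
};
#define REPLY_PAYLOAD 6u

/* The union lets the "kernel stack slot" be dirtied byte-wise while
 * still being a correctly aligned struct reply. */
union slot { struct reply r; unsigned char raw[sizeof(struct reply)]; };

#define STALE 0x41  /* constructed marker for leftovers of an earlier call */

/* Stand-in for copy_to_user(): hands kernel bytes to the caller verbatim. */
static void fake_copy_to_user(void *ubuf, const void *kbuf, size_t n)
{
    memcpy(ubuf, kbuf, n);
}

/* Vulnerable handler: every field is assigned, padding is never written,
 * so whatever the stack slot held before reaches user space. */
static void handler_vuln(unsigned char *ubuf)
{
    union slot s;
    memset(s.raw, STALE, sizeof s.raw);   /* simulate a dirty stack slot */
    s.r.type  = 1;
    s.r.value = 0xdeadbeefu;
    s.r.flag  = 0;
    fake_copy_to_user(ubuf, &s.r, sizeof s.r);
}

/* Fixed handler: memset() the whole object before filling it. A "= {0}"
 * initializer is not a substitute, C leaves padding unspecified there. */
static void handler_fixed(unsigned char *ubuf)
{
    union slot s;
    memset(s.raw, STALE, sizeof s.raw);   /* same dirty slot */
    memset(&s.r, 0, sizeof s.r);          /* the fix */
    s.r.type  = 1;
    s.r.value = 0xdeadbeefu;
    s.r.flag  = 0;
    fake_copy_to_user(ubuf, &s.r, sizeof s.r);
}

/* Count bytes of the user copy still carrying the stale marker. None of
 * the field values above contain 0x41, so every hit is a leaked byte. */
static size_t count_stale_bytes(const unsigned char *buf, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == STALE) hits++;
    return hits;
}

size_t padding_bytes(void) { return sizeof(struct reply) - REPLY_PAYLOAD; }

size_t leaked_bytes_vuln(void)
{
    unsigned char ubuf[sizeof(struct reply)];
    handler_vuln(ubuf);
    return count_stale_bytes(ubuf, sizeof ubuf);
}

size_t leaked_bytes_fixed(void)
{
    unsigned char ubuf[sizeof(struct reply)];
    handler_fixed(ubuf);
    return count_stale_bytes(ubuf, sizeof ubuf);
}

int main(void)
{
    printf("struct reply: %zu bytes, %zu of them padding\n",
           sizeof(struct reply), padding_bytes());
    printf("vulnerable handler leaks %zu byte(s), fixed handler leaks %zu\n",
           leaked_bytes_vuln(), leaked_bytes_fixed());
    return 0;
}
```

When hunting this class in a binary, as the post does with Binary Ninja, the pattern to look for is exactly the vulnerable handler above: a stack or heap object reaching the sink with a total size larger than the sum of the bytes written to it on every path.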
The December 2022 Security Update Review
No EoP CVE-2022-44689 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege…