Mce remote mapper rc4

1/7/2024

User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel. This could lead to local escalation of privilege with System execution privileges needed. In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. In the default configuration root (or equivalent) permissions are required to attack this flaw. If the permissions on the device have changed the impact changes greatly. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. A local user could use this flaw to crash the system. A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Foscam R2C IP camera running System FW sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts.