CVE-2017-1000379

Related Files

Kernel Live Patch Security Notice LSN-0030-1

Posted Sep 19, 2017

Authored by Benjamin M. Romer

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local

systems | linux

advisories | CVE-2017-1000251, CVE-2017-1000379, CVE-2017-10663

SHA-256 | f03b9428d67dc46ff3b712d7c827a00f746ceef20553d5b7b9236072384bb73e

Download | Favorite | View

Linux Kernel ldso_hwcap_64 Stack Clash Privilege Escalation

Posted Jun 30, 2017

Site qualys.com

Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.

tags | exploit, kernel

systems | linux, debian, fedora, ubuntu, centos

advisories | CVE-2017-1000366, CVE-2017-1000379

SHA-256 | 7c324e4c61aee597fae1e36e8fbd936e360099156578d347ef8a0c10d633cce6

Download | Favorite | View