exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2024-36489

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0 CPU1 ----- ----- // In tls_init() // In tls_ctx_create() ctx = kzalloc() ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1) // In update_sk_prot() WRITE_ONCE(sk->sk_prot, tls_prots) -(2) // In sock_common_setsockopt() READ_ONCE(sk->sk_prot)->setsockopt() // In tls_{setsockopt,getsockopt}() ctx->sk_proto->setsockopt() -(3) In the above scenario, when (1) and (2) are reordered, (3) can observe the NULL value of ctx->sk_proto, causing NULL dereference. To fix it, we rely on rcu_assign_pointer() which implies the release barrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is initialized, we can ensure that ctx->sk_proto are visible when changing sk->sk_prot.

Related Files

Ubuntu Security Notice USN-7009-2
Posted Sep 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7009-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48772, CVE-2023-52887, CVE-2024-23848, CVE-2024-25741, CVE-2024-31076, CVE-2024-34027, CVE-2024-35247, CVE-2024-36015, CVE-2024-36032, CVE-2024-36489, CVE-2024-36894, CVE-2024-36972, CVE-2024-36974, CVE-2024-37356
SHA-256 | bc022d142c18a55625e63d62b56d8f76cf8e0a79f3f0ed802474777c8cbc4817
Download | Favorite | View
Ubuntu Security Notice USN-7007-3
Posted Sep 24, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7007-3 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48772, CVE-2024-23848, CVE-2024-25741, CVE-2024-31076, CVE-2024-33621, CVE-2024-34027, CVE-2024-34777, CVE-2024-35247, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36489, CVE-2024-36894, CVE-2024-36972
SHA-256 | ef3c54a1054dde36cb3bb88462606dc7b4117a7ccefd9ff9d1de96a5c1e0b601
Download | Favorite | View
Ubuntu Security Notice USN-6999-2
Posted Sep 24, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6999-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48772, CVE-2024-23848, CVE-2024-32936, CVE-2024-33621, CVE-2024-34027, CVE-2024-34777, CVE-2024-36015, CVE-2024-36244, CVE-2024-36270, CVE-2024-36286, CVE-2024-36479, CVE-2024-36484, CVE-2024-36489, CVE-2024-36971
SHA-256 | 6de1a939eafe16bbd634cfe3102ff4999f4af2a0695f025ac13e7dadc3e0867a
Download | Favorite | View
Ubuntu Security Notice USN-7009-1
Posted Sep 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7009-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48772, CVE-2024-23848, CVE-2024-25741, CVE-2024-31076, CVE-2024-33847, CVE-2024-34027, CVE-2024-34777, CVE-2024-35247, CVE-2024-36015, CVE-2024-36032, CVE-2024-36270, CVE-2024-36489, CVE-2024-36894, CVE-2024-36971
SHA-256 | 5b612a46c804c77ac14a7809a47fec0de9fff4a8a6439f91a0d5ad4c32a28058
Download | Favorite | View
Ubuntu Security Notice USN-7004-1
Posted Sep 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7004-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48772, CVE-2024-23848, CVE-2024-32936, CVE-2024-33619, CVE-2024-33621, CVE-2024-34027, CVE-2024-36015, CVE-2024-36244, CVE-2024-36286, CVE-2024-36288, CVE-2024-36478, CVE-2024-36479, CVE-2024-36484, CVE-2024-36489
SHA-256 | 431af02c0d9e5c558fd6375749c474c2ba15897d474ed112193b050613cb07f8
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close