- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation on May 21, 2022 at 3:50 pm
Posted by Solar Designer on May 21: Norbert, Thank you for bringing this to oss-security and for including the detail on triggering and exploiting the issue. Since you shared actual exploit code on linux-distros, you’re supposed to also post that to […]
- CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation on May 20, 2022 at 8:16 pm
Posted by Norbert Slusarek on May 20: Hello, this is an announcement for a recently reported vulnerability (CVE-2022-1729) in the perf subsystem of the Linux kernel. The issue is a race condition which was proven to allow for a local privilege […]
- Re: linux-distros list policy and Linux kernel on May 20, 2022 at 8:18 am
Posted by Vegard Nossum on May 20: […] As a distribution, our preference is to see sources/patches and binaries released simultaneously by both upstream and distributions. This way, the window of exploitation for attackers combing through git […]
- Re: linux-distros list policy and Linux kernel on May 19, 2022 at 7:54 pm
Posted by Alan Coopersmith on May 19: If you wanted to be in that position, you could take steps to be able to do so without getting fired. Oracle sanctions my participation in the X.Org Security Team, including my disclosure of security fixes in […]
- Re: linux-distros list policy and Linux kernel on May 19, 2022 at 1:11 pm
Posted by Dan Carpenter on May 19: What I wish we had is a private way to tell maintainers “You may want to pick up a patch.” It has to be private. Sending emails to oss-security does not work. I don’t know how distributions do embargos and I […]
- CVE-2022-29581: Linux kernel cls_u32 UAF on May 18, 2022 at 8:02 pm
Posted by Kyle Zeng on May 18: Hi there, I recently discovered that a patch in Linux kernel upstream has security implications. And some vendor-maintained kernels were still affected when I checked on May 17th. # Impact I wrote a proof-of-concept […]
VulDB Updates
- CVE-2015-4227 | Cisco Headend System Release resource management (CSCus91838 / BID-75465) by vuldb.com on May 22, 2022 at 10:28 am
A vulnerability, which was classified as problematic, was found in Cisco Headend System Release. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2015-4227. It is possible to initiate the attack remotely. There is no […]
- CVE-2015-4226 | Cisco 9900 Phone 9.3(2) RTP Hang resource management (CSCur39976 / BID-75471) by vuldb.com on May 22, 2022 at 10:21 am
A vulnerability, which was classified as problematic, has been found in Cisco 9900 Phone 9.3(2). Affected by this issue is some unknown functionality of the component RTP Handler. The manipulation leads to denial of service (Hang). This vulnerability is handled as CVE-2015-4226. The attack […]
- CVE-2015-1986 | IBM Tivoli Storage Manager Fastback up to 6.1.11 Server command injection (BID-75461 / ID 84585) by vuldb.com on May 22, 2022 at 10:13 am
A vulnerability classified as critical has been found in IBM Tivoli Storage Manager Fastback up to 6.1.11. Affected is an unknown function of the component Server. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2015-1986. It is possible to launch the attack […]
- CVE-2015-1965 | IBM Tivoli Storage Manager Fastback up to 6.1.11 Server memory corruption (BID-75458 / ID 84585) by vuldb.com on May 22, 2022 at 9:58 am
A vulnerability was found in IBM Tivoli Storage Manager Fastback up to 6.1.11. It has been rated as critical. This issue affects some unknown processing of the component Server. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2015-1965. The attack […]
- CVE-2015-1964 | IBM Tivoli Storage Manager Fastback up to 6.1.11 Server memory corruption (BID-75457 / ID 84585) by vuldb.com on May 22, 2022 at 9:43 am
A vulnerability was found in IBM Tivoli Storage Manager Fastback up to 6.1.11. It has been declared as critical. This vulnerability affects unknown code of the component Server. The manipulation leads to memory corruption. This vulnerability was named CVE-2015-1964. The attack can be initiated […]
- CVE-2015-1963 | IBM Tivoli Storage Manager Fastback up to 6.1.11 memory corruption (BID-75455 / ID 84585) by vuldb.com on May 22, 2022 at 9:29 am
A vulnerability was found in IBM Tivoli Storage Manager Fastback up to 6.1.11. It has been classified as critical. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2015-1963. It is possible to initiate the attack […]
- CVE-2015-1962 | IBM Tivoli Storage Manager Fastback up to 6.1.11 Server memory corruption (BID-75454 / ID 84585) by vuldb.com on May 22, 2022 at 9:14 am
A vulnerability was found in IBM Tivoli Storage Manager Fastback up to 6.1.11 and classified as critical. Affected by this issue is some unknown functionality of the component Server. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2015-1962. The attack may be […]