Skip to content

Latest Security Vulnerabilities

Loading…
  • Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation
    on May 21, 2022 at 3:50 pm

    Posted by Solar Designer on May 21Norbert, Thank you for bringing this to oss-security and for including the detail on triggering and exploiting the issue. Since you shared actual exploit code on linux-distros, you’re supposed to also post that to […]

  • CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation
    on May 20, 2022 at 8:16 pm

    Posted by Norbert Slusarek on May 20Hello, this is an announcement for a recently reported vulnerability (CVE-2022-1729) in the perf subsystem of the Linux kernel. The issue is a race condition which was proven to allow for a local privilege […]

  • Re: linux-distros list policy and Linux kernel
    on May 20, 2022 at 8:18 am

    Posted by Vegard Nossum on May 20[…] As a distribution, our preference is to see sources/patches and binaries released simultaneously by both upstream and distributions. This way, the window of exploitation for attackers combing through git […]

  • Re: linux-distros list policy and Linux kernel
    on May 19, 2022 at 7:54 pm

    Posted by Alan Coopersmith on May 19If you wanted to be in that position, you could take steps to be able to do so without getting fired. Oracle sanctions my participation in the X.Org Security Team, including my disclosure of security fixes in […]

  • Re: linux-distros list policy and Linux kernel
    on May 19, 2022 at 1:11 pm

    Posted by Dan Carpenter on May 19What I wish we had is a private way to tell maintainers “You may want to pick up a patch.” It has to be private. Sending emails to oss-security does not work. I don’t know how to distributions do embargos and I […]

  • CVE-2022-29581: Linux kernel cls_u32 UAF
    on May 18, 2022 at 8:02 pm

    Posted by Kyle Zeng on May 18Hi there, I recently discovered that a patch in Linux kernel upstream has security implications. And some vendor-maintained kernels were still affected when I checked on May 17th. # Impact I wrote a proof-of-concept […]