Allele Security Intelligence

ASA-2020-00038 – Linux kernel: Memory corruption due to the lack of validation of an sk_family field in vhost subsystem

Posted on March 25, 2020March 25, 2020 by Allele Security Intelligence in Alerts

In the Linux kernel, get_raw_socket() in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

ASA-2019-00658 – Linux kernel: Mounting a crafted btrfs filesystem image can lead to a use-after-free through syncfs system call

Posted on February 17, 2020February 17, 2020 by Allele Security Intelligence in Alerts

Mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

ASA-2019-00657 – Linux kernel: Use-after-free vulnerability when deleting a file from a recently unmounted specially crafted ext4 filesystem

Posted on February 14, 2020February 15, 2020 by Allele Security Intelligence in Alerts

A flaw was found in the Linux kernel's ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI.

ASA-2019-00662 – Git: Recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/

Posted on December 12, 2019December 12, 2019 by Allele Security Intelligence in Alerts

When submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice. When using submodule paths that refer to the same file system entity (e.g. using the NTFS Alternate Data Streams attack mentioned in CVE-2019-1352 where files would be written to the `.git/` directory using a synonymous directory name), it was possible to "squat" on the `git~1` shortname on NTFS drives, opening attacks via `git~2`. This also affects Git when run as a Linux application inside the Windows Subsystem for Linux.

ASA-2019-00644 – Linux kernel: A memory leak in ql_alloc_large_buffers()

Posted on December 4, 2019December 10, 2019 by Allele Security Intelligence in Alerts

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures.

ASA-2019-00643 – Linux kernel: Two memory leaks in sja1105_static_config_upload()

Posted on December 4, 2019December 10, 2019 by Allele Security Intelligence in Alerts

Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures.

ASA-2019-00642 – Linux kernel: A memory leak in ccp_run_sha_cmd()

Posted on December 4, 2019December 10, 2019 by Allele Security Intelligence in Alerts

A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).

ASA-2019-00636 – Linux kernel: Use-after-free in aa_audit_rule_init()

Posted on November 8, 2019November 15, 2019 by Allele Security Intelligence in Alerts

There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.