Allele Security Intelligence

ASA-2020-00050 – Linux kernel: Use-after-free vulnerability in cgroup BPF component

Posted on September 16, 2020September 16, 2020 by Allele Security Intelligence in Alerts

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch.

ASA-2019-00658 – Linux kernel: Mounting a crafted btrfs filesystem image can lead to a use-after-free through syncfs system call

Posted on February 17, 2020February 17, 2020 by Allele Security Intelligence in Alerts

Mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

ASA-2019-00657 – Linux kernel: Use-after-free vulnerability when deleting a file from a recently unmounted specially crafted ext4 filesystem

Posted on February 14, 2020February 15, 2020 by Allele Security Intelligence in Alerts

A flaw was found in the Linux kernel's ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI.

ASA-2019-00646 – Electron: Chromium WebAudio Use-After-Free Vulnerability

Posted on December 2, 2019December 9, 2019 by Allele Security Intelligence in Alerts

A vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron. Use-after-free in WebAudio in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ASA-2019-00636 – Linux kernel: Use-after-free in aa_audit_rule_init()

Posted on November 8, 2019November 15, 2019 by Allele Security Intelligence in Alerts

There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.

ASA-2019-00630 – Linux kernel: Wrong locking causes race conditions on streaming stop in vivid driver

Posted on November 7, 2019December 6, 2019 by Allele Security Intelligence in Alerts

An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem).

ASA-2019-00562 – VMware ESXi, Workstation, Fusion, Remote Console and Horizon Client: Use-after-free vulnerability in the virtual sound device

Posted on October 14, 2019October 21, 2019 by Allele Security Intelligence in Alerts

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. A local attacker with non-administrative access on the guest machine may exploit this issue to execute code on the host.

ASA-2019-00553 – Linux kernel: Use-after-free in Binder driver

Posted on October 4, 2019December 2, 2019 by Allele Security Intelligence in Alerts

There is a use-after-free of the wait member in the binder_thread struct in the binder driver at /drivers/android/binder.c.