Andrea Arcangeli

9 exploits, active since Jun 1997
CVE-2011-2183 (writeup)
Linux Kernel < 2.6.39.3 - Race Condition in KSM scan_get_next_rmap_item
Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.
CVE-2019-11599 (writeup; severity: HIGH)
Linux kernel <5.0.10 - Info Disclosure
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
CVSS 7.0
CVE-2013-0309 (writeup)
Linux Kernel < 3.6.2 - Denial of Service via PROT_NONE Memory Handling
arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application.
CVE-2017-15126 (writeup; severity: HIGH)
Linux Kernel < 4.13.6 - Use-After-Free in userfaultfd Event Handling
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().
CVSS 8.1
CVE-2017-15127 (writeup; severity: MEDIUM)
Linux Kernel < 4.13 - Denial of Service via Implicit Page Unlock in hugetlb_mcopy_atomic_pte
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
CVSS 5.5
CVE-2017-15128 (writeup; severity: MEDIUM)
Linux Kernel < 4.13.12 - Denial of Service via hugetlb_mcopy_atomic_pte Size Check
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
CVSS 5.5
CVE-2018-18397 (writeup; severity: MEDIUM)
Linux Kernel < 4.19.7 - Incorrect Authorization via userfaultfd UFFDIO_ ioctl
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
CVSS 5.5
CVE-1999-0281 (Exploit-DB; language: C; working PoC)
Internet Information Server - Denial of Service via Long URL
Denial of service in IIS using long URLs.
CVE-1999-0986 (Exploit-DB; language: C; working PoC)
Linux Kernel 2.0.3x - Denial of Service via Large Packets with Record Route Option
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.