Andrea Arcangeli

7 exploits | Active since Jun 1997
CVE-2013-0309 WRITEUP WRITEUP
Linux Kernel < 3.6.1 - Memory Corruption
arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application.
CVE-2017-15126 WRITEUP HIGH WRITEUP
Linux Kernel < 4.13.6 - Use After Free
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().
CVSS 8.1
CVE-2017-15127 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13 - Denial of Service
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
CVSS 5.5
CVE-2017-15128 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.11 - Memory Corruption
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
CVSS 5.5
CVE-2018-18397 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.19.7 - Incorrect Authorization
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
CVSS 5.5
CVE-1999-0281 EXPLOITDB c WORKING POC
Microsoft Internet Information Server - Denial of Service
Denial of service in IIS using long URLs.
CVE-1999-0986 EXPLOITDB c WORKING POC
Debian Linux - Denial of Service
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.