Cong Wang

6 exploits, active since Jul 2013
CVE-2017-11176 WRITEUP HIGH
Linux Kernel <= 4.11.9 - Use-After-Free in mq_notify Netlink Socket Handling
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
CVSS 7.8
CVE-2018-5873 WRITEUP HIGH
Linux kernel <4.11 - Use After Free
An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.
CVSS 7.0
CVE-2018-7191 WRITEUP MEDIUM
Linux Kernel < 4.13.14 - Denial of Service via TUNSETIFF ioctl with Invalid Device Name
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
CVSS 5.5
CVE-2013-4129 WRITEUP
Linux Kernel <= 3.10.3 - Denial of Service via Bridge Multicast Timer Mismanagement
The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.
CVE-2018-12232 WRITEUP MEDIUM
Linux kernel <4.17.1 - Use After Free
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
CVSS 5.9
CVE-2018-14734 WRITEUP HIGH
Linux Kernel < 4.17.11 - Use-After-Free in ucma_leave_multicast
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
CVSS 7.8