Daniel Borkmann

8 exploits, active since Sep 2013
CVE-2013-4350
Linux Kernel < 3.11.1 - Cryptographic Issue
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-1421
Linux kernel < 3.18.8 - Use After Free
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
CVE-2017-17853 HIGH
Linux Kernel < 4.14.9 - Memory Corruption
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
CVSS 7.8
CVE-2017-17854 HIGH
Linux Kernel < 4.14.9 - Integer Overflow
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
CVSS 7.8
CVE-2017-17857 HIGH
Linux Kernel < 4.14.9 - Memory Corruption
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
CVSS 7.8
CVE-2018-25020 HIGH
Linux kernel < 4.17 - Buffer Overflow
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.
CVSS 7.8
CVE-2019-7308 MEDIUM
Linux kernel < 4.20.6 - Memory Corruption
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
CVSS 5.6
CVE-2021-31829 MEDIUM
Linux Kernel < 5.12.1 - Incorrect Authorization
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.
CVSS 5.5