Herbert Xu

9 exploits Active since Dec 2008
CVE-2017-16939 WRITEUP HIGH WRITEUP
Linux kernel <4.13.11 - Privilege Escalation/DoS
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
CVSS 7.8
CVE-2013-3076 WRITEUP WRITEUP
Linux kernel <3.9-rc8 - Info Disclosure
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
CVE-2016-8646 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.3.6 - Denial of Service via Zero-Byte Socket Hash Algorithm Use
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.
CVSS 5.5
CVE-2016-9806 WRITEUP HIGH WRITEUP
Linux Kernel < 3.12.62 - Race Condition in netlink_dump Function
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
CVSS 7.8
CVE-2017-15116 WRITEUP MEDIUM WRITEUP
Linux kernel < 4.2 - Denial of Service via NULL Pointer Dereference in rngapi_reset
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
CVSS 5.5
CVE-2017-9211 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.11.2 - Denial of Service via crypto_skcipher_init_tfm NULL Pointer Dereference
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
CVSS 5.5
CVE-2018-25062 WRITEUP LOW WRITEUP
ElementalX < 7.00 - Denial of Service in ipsec xfrm_dump_policy_done
A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152.
CVSS 3.5
CVE-2022-3028 WRITEUP HIGH WRITEUP
Linux Kernel 3.14-4.9.326 - Race Condition in XFRM Subsystem via xfrm_probe_algs
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
CVSS 7.0
CVE-2008-5713 EXPLOITDB c WORKING POC
Linux Kernel < 2.6.25 - Denial of Service via Network Traffic Flood
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode.