Miklos Szeredi

5 exploits Active since Jun 2005
CVE-2016-6198 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.5.5 - Denial of Service via OverlayFS Self-Hardlink Rename
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.
CVSS 5.5
CVE-2015-1339 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.4 - Memory Leak in cuse_channel_release
Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.
CVSS 6.2
CVE-2021-3732 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.14 - Exposure of Sensitive Information via OverlayFS TmpFS Mount
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
CVSS 5.5
CVE-2005-1858 EXPLOITDB c WORKING POC
FUSE 2.x < 2.3.0 - Information Disclosure via Unfilled Memory Pages
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
CVE-2009-1961 EXPLOITDB MEDIUM c WORKING POC
Linux Kernel < 2.6.19 - Denial of Service via Inode Double Locking Deadlock
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.
CVSS 4.7