Paul Mackerras

3 exploits Active since Dec 2022
CVE-2023-5717 NOMISEC HIGH STUB
Linux Kernel < 3.3 - Out-of-Bounds Write
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
CVSS 7.8
CVE-2022-4603 WRITEUP MEDIUM WRITEUP
ppp - Buffer Overflow
A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.
CVSS 4.3
CVE-2024-58250 WRITEUP CRITICAL WRITEUP
ppp <2.5.2 - Privilege Escalation
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
CVSS 9.3