Paul Mackerras

5 exploits Active since Aug 2016
CVE-2023-5717 NOMISEC HIGH STUB
Linux Kernel 3.2.95-3.2.99 - Heap Out-of-bounds Write in Performance Events Component
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
CVSS 7.8
CVE-2016-5412 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.7 - Denial of Service via H_CEDE Hypercall
arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.
CVSS 6.5
CVE-2020-8597 WRITEUP CRITICAL WRITEUP
ppp <2.4.8 - Buffer Overflow
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
CVSS 9.8
CVE-2022-4603 WRITEUP MEDIUM WRITEUP
ppp < 2.5.0 - Improper Validation of Array Index in pppdump dumpppp Function
A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.
CVSS 4.3
CVE-2024-58250 WRITEUP CRITICAL WRITEUP
ppp < 2.5.2 - Privilege Escalation via Passprompt Plugin
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
CVSS 9.3