veritas501

9 exploits Active since Jul 2021
CVE-2022-34918 NOMISEC HIGH WORKING POC
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
219 stars
CVSS 7.8
CVE-2021-22555 NOMISEC HIGH WORKING POC
Netfilter x_tables Heap OOB Write Privilege Escalation
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
37 stars
CVSS 8.3
CVE-2022-25636 NOMISEC HIGH WORKING POC
Linux Kernel 5.4-5.6.10 - Privilege Escalation via nf_dup_netdev Heap Out-of-Bounds Write
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
20 stars
CVSS 7.8
CVE-2022-0185 NOMISEC HIGH WORKING POC
Linux kernel - Privilege Escalation
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
17 stars
CVSS 8.4
CVE-2022-3910 NOMISEC HIGH WORKING POC
Linux Kernel 5.18-5.19.10 - Use-After-Free in io_uring Fixed File Handling
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
12 stars
CVSS 7.8
CVE-2022-2588 NOMISEC MEDIUM WORKING POC
Linux Kernel < 4.9.326 - Use-After-Free in cls_route Filter Implementation
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
11 stars
CVSS 5.3
CVE-2023-0386 NOMISEC HIGH WORKING POC
Local Privilege Escalation via CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
10 stars
CVSS 7.8
CVE-2021-4154 NOMISEC HIGH WORKING POC
Linux Kernel >=5.1 <5.4.134 - Use-After-Free in cgroup v1 Parser
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
7 stars
CVSS 8.8
CVE-2022-42703 NOMISEC MEDIUM WORKING POC
Linux Kernel < 5.19.7 - Use-After-Free in anon_vma Reuse
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
4 stars
CVSS 5.5