Marcus Meissner

Results 21 issues of Marcus Meissner

Hi, On AMD processor the processor flag is "ibpb" instead of "spec_ctrl". - if grep ^flags /proc/cpuinfo | grep -qw spec_ctrl; then + if grep ^flags /proc/cpuinfo | grep -qw...

**System (please complete the following information):**
- OS: SLES 15 SP3
- Kernel version (if applicable): 5.3 based
- strongSwan version(s): 5.8.2
- Tested/confirmed with the latest version: no

**Describe...

via oss-sec The exploit code can be found at https://github.com/tr3ee/CVE-2022-23222

reproducer

perhaps ltp can also test mq_notify problems in glibc? https://sourceware.org/bugzilla/show_bug.cgi?id=27896 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-33574

missing coverage
reproducer

there are reproducers available for CVE-2022-0185 https://www.openwall.com/lists/oss-security/2022/01/25/14 has links or even a zip file for an exploit https://github.com/Crusaders-of-Rust/CVE-2022-0185 the exploits are kind of complicated as they try to be complete,...

reproducer
easyhack

https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html describes a vmacache exploit and has a reproducer / poc could be implementable in ltp

reproducer

https://github.com/torvalds/linux/commit/4ea77014af0d6205b05503d1c7aac6eace11d473 fixes a kill bounds condition ... might just be exposed using UBSAN, but should be test covered too.

reproducer

https://bugzilla.suse.com/show_bug.cgi?id=1094353 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=794b4bc292f5d31739d89c0202c54e7dc9bc3add

reproducer

https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4 fixes this issue: wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 It might not show up in normal kernels, but this condition should have an ltp test.

reproducer

an ext4 issue has this reproducer: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19319 was fixed in 5.2 kernel.

reproducer