#linux

A bug in the eBPF Verifier branch pruning logic can lead to unsafe code paths being incorrectly marked as safe. As demonstrated in the exploitation section, this can be leveraged to get arbitrary read/write in kernel memory, leading to local privilege escalation and Container escape.

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This is the proof of concept exploit produced by Google.

Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This is a proof of concept exploit produced by Google.

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky

Gentoo Linux Security Advisory 202408-13 - A vulnerability has been discovered in Nokogiri, which can lead to a denial of service. Versions greater than or equal to 1.13.10 are affected.

Debian Linux Security Advisory 5740-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.

Gentoo Linux Security Advisory 202408-12 - A vulnerability has been discovered in Bitcoin, which can lead to a denial of service. Versions greater than or equal to 25.0 are affected.

Debian Linux Security Advisory 5739-1 - user able to escalate to the netdev group can load arbitrary shared object files in the context of the wpa_supplicant process running as root.

Gentoo Linux Security Advisory 202408-11 - Multiple vulnerabilities have been discovered in aiohttp, the worst of which could lead to service compromise. Versions greater than or equal to 3.9.4 are affected.

Gentoo Linux Security Advisory 202408-10 - Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service. Versions greater than or equal to 1.61.0 are affected.