CVE-2024-32019.zip
2.5 KB
CVE-2024-32019
Author: justjoeyking
Netdata is an open source observability tool. In affected versions the
GitHub Link:
https://github.com/justjoeyking/CVE-2024-32019-ndsudo
Author: justjoeyking
Netdata is an open source observability tool. In affected versions the
ndsudo tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The ndsudo tool is packaged as a root-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the PATH environment variable. This allows an attacker to control where ndsudo looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.GitHub Link:
https://github.com/justjoeyking/CVE-2024-32019-ndsudo
CVE-2025-38001.zip
6.6 KB
CVE-2025-38001
Author: boeseejykbtanke348
In the Linux kernel, the following vulnerability has been resolved:
netsched: hfsc: Address reentrant enqueue adding class to eltree twice
Savino says:
"We are writing to report that this recent patch
(141d34391abbb315d68556b7c67ad97885407547) [1]
can be bypassed, and a UAF can still occur when HFSC is utilized with
NETEM.
The patch only checks the cl->clnactive field to determine whether
it is the first insertion or not 2, but this field is only
incremented by initvf [3].
By using HFSCRSC (which uses inited) [4], it is possible to bypass the
check and insert the class twice in the eltree.
Under normal conditions, this would lead to an infinite loop in
hfscdequeue for the reasons we already explained in this report 5.
However, if TBF is added as root qdisc and it is configured with a
ver...
Author: boeseejykbtanke348
In the Linux kernel, the following vulnerability has been resolved:
netsched: hfsc: Address reentrant enqueue adding class to eltree twice
Savino says:
"We are writing to report that this recent patch
(141d34391abbb315d68556b7c67ad97885407547) [1]
can be bypassed, and a UAF can still occur when HFSC is utilized with
NETEM.
The patch only checks the cl->clnactive field to determine whether
it is the first insertion or not 2, but this field is only
incremented by initvf [3].
By using HFSCRSC (which uses inited) [4], it is possible to bypass the
check and insert the class twice in the eltree.
Under normal conditions, this would lead to an infinite loop in
hfscdequeue for the reasons we already explained in this report 5.
However, if TBF is added as root qdisc and it is configured with a
ver...
CVE-2025-13486
Author: 0xnemian
None
GitHub Link:
https://github.com/0xnemian/CVE-2025-13486.-CVE-2025-13486
Author: 0xnemian
None
GitHub Link:
https://github.com/0xnemian/CVE-2025-13486.-CVE-2025-13486
CVE-2025-55182
Author: 7ealvivek
None
GitHub Link:
https://github.com/7ealvivek/CVE-2025-55182-by-realvivek
Author: 7ealvivek
None
GitHub Link:
https://github.com/7ealvivek/CVE-2025-55182-by-realvivek