Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu
By Oriol Castejón Overview In early January 2024, a Project Zero issue for a recently fixed io_uring use-after-free (UAF) vulnerability (CVE-2024-0582) was made public. Reading the
Exodus ensures that each and every discovered vulnerability is relevant, reliable, and well-documented before we disclose the issue to the appropriate vendor for remediation.
By Oriol Castejón Overview In early January 2024, a Project Zero issue for a recently fixed io_uring use-after-free (UAF) vulnerability (CVE-2024-0582) was made public. Reading the
EIP-13d90c2b The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability
EIP-5a0f4b12 The D-Link DAP-1650 contains a command injection vulnerability in the ‘Callback’ parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability
EIP-552c9116 A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution.