OpenBSD kernel relinking is not transactional and a local exploit exists

Read Time:24 Second

Posted by Schech, C. W. (“Connor”) on Jun 19

The automatic and mandatory-by-default reordering of OpenBSD kernels
is NOT transactional and as a result, a local unpatched exploit exists
which allows tampering or replacement of the kernel. Arbitrary build
artifacts are cyclically relinked with no data integrity or provenance
being maintained or verified for the objects being consumed with
respect to the running kernel before and during the execution of the
mandatory kernel_reorder process in…

llama-cpp-b4094-11.fc42

FEDORA-2025-b356588c06 Packages in this update: llama-cpp-b4094-11.fc42 Update description: Fix bz2358011 Read More

April 10, 2025

ZDI-CAN-26839: LiteLLM

A CVSS score 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to...

April 10, 2025

USN-7430-1: Dino vulnerability

Kim Alvefur discovered that Dino did not correctly sanitize certain messages. A remote attacker could possibly use this issue to...

April 9, 2025

USN-7346-3: OpenSC vulnerabilities

USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression which broke smartcard based authentication. This update fixes the problem....

April 9, 2025

USN-7426-2: poppler vulnerabilities

USN-7426-1 fixed several vulnerabilities in poppler. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS....

April 9, 2025

fish-3.7.1-2.el9

FEDORA-EPEL-2025-cd25b2c8a7 Packages in this update: fish-3.7.1-2.el9 Update description: Fixes a security issue that requires updating to fish >= 3.6.2 See...

April 9, 2025

China-based SMS Phishing Triad Pivots to Banks

Google Cloud: China Achieves “Cyber Superpower” Status

Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity

Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024

SpyNote Malware Targets Android Users with Fake Google Play Pages

AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites

Operation Endgame Continues with Smokeloader Customer Arrests

Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing

WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit

OpenBSD kernel relinking is not transactional and a local exploit exists

llama-cpp-b4094-11.fc42

ZDI-CAN-26839: LiteLLM

USN-7430-1: Dino vulnerability

USN-7346-3: OpenSC vulnerabilities

USN-7426-2: poppler vulnerabilities

fish-3.7.1-2.el9