CVE-2017-6278
https://notcve.org/view.php?id=CVE-2017-6278
NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. El kernel de NVIDIA Tegra contiene una vulnerabilidad en el controlador CORE DVFS Thermal, donde existe la posibilidad de que se produzca una lectura o escritura de búfer empleando un índice o un puntero que haga referencia a una ubicación en la memoria después del final del búfer, lo que puede conducir a una denegación de servicio (DoS) o a un posible escalado de privilegios. • http://nvidia.custhelp.com/app/answers/detail/a_id/4635 https://nvidia.custhelp.com/app/answers/detail/a_id/4787 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. Dnsmasq versions prior to 2.78 suffer from a 2-byte heap-based overflow vulnerability. • https://www.exploit-db.com/exploits/42941 https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4560 http://nvidia.custhelp.com/a • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2017-1000251 – Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas de configuración L2CAP, lo que desemboca en la ejecución remota de código en el espacio del kernel. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. • https://www.exploit-db.com/exploits/42762 https://github.com/hayzamjs/Blueborne-CVE-2017-1000251 https://github.com/own2pwn/blueborne-CVE-2017-1000251-POC https://github.com/sgxgsx/blueborne-CVE-2017-1000251 https://github.com/tlatkdgus1/blueborne-CVE-2017-1000251 http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100809 http://www.securitytracker.com/id/1039373 https://access.redhat.com/errata& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •