CVE-2017-9074 – kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option
https://notcve.org/view.php?id=CVE-2017-9074
19 May 2017 — The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. La implementación IPv6 Fragmentation en el kernel de Linux hasta la versión 4.11.1 no considera que el campo nexthdr puede estar asociado a una opción no válida, lo que permite a los usuari... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2423496af35d94a87156b063ea5cedffc10a70a1 • CWE-125: Out-of-bounds Read •
CVE-2017-9059
https://notcve.org/view.php?id=CVE-2017-9059
18 May 2017 — The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. La implementación NFSv4 en el kernel de Linux hasta versión 4.11.1, permite a los usuarios locales causar una denegación de servicio (consumo de recursos) para aprovechar el apagado inapropiado de la devolución de llamada de canal al desmontar un... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1 • CWE-404: Improper Resource Shutdown or Release •
CVE-2017-7495 – kernel: ext4: power failure during write(2) causes on-disk information leak
https://notcve.org/view.php?id=CVE-2017-7495
15 May 2017 — fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. En el archivo fs/ext4/inode.c en el kernel de Linux anterior a versión 4.6.2, cuando es usado el modo data=ordered de ext4, maneja inapropiadamente una lista de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVE-2017-7487 – Ubuntu Security Notice USN-3329-1
https://notcve.org/view.php?id=CVE-2017-7487
14 May 2017 — The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. La función ipxitf_ioctl en el archivo net/ipx/af_ipx.c en el kernel de Linux hasta la versión 4.11.1, maneja inapropiadamente conteos de referencias, lo que permite a los usuarios locales causar una denegación de servicio (uso de m... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80 • CWE-416: Use After Free •
CVE-2017-8924 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2017-8924
12 May 2017 — The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. La función edge_bulk_in_callback en drivers/usb/serial/io_ti.c en el kernel de Linux anterior a 4.10.4 permite a los usuarios locales obtener información sensible (en el dmesg ringbuffer y s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2017-8925 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2017-8925
12 May 2017 — The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. La función omninet_open en drivers/usb/serial/omninet.c en kernel de Linux anterior a 4.10.4 permite a los usuarios locales causar una denegación de servicio (agotamiento de tty) aprovechando el manejo incorrecto del contador de referencia. USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30572418b445d85fcfe6c8fe84c947d2606767d8 • CWE-404: Improper Resource Shutdown or Release •
CVE-2017-7472 – Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
https://notcve.org/view.php?id=CVE-2017-7472
11 May 2017 — The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. El subsistema KEYS en el kernel de Linux anterior a 4.10.13 permite a los usuarios locales causar una denegación de servicio (consumo de memoria) a través de una serie de llamadas KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring. A vulnerability was found in the Linux kernel where the keyctl_set_reqk... • https://packetstorm.news/files/id/142871 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVE-2017-8890 – kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
https://notcve.org/view.php?id=CVE-2017-8890
10 May 2017 — The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. La función inet_csk_clone_lock en net / ipv4 / inet_connection_sock.c en el kernel de Linux hasta la versión 4.10.15 permite a los atacantes causar una denegación de servicio (double free) u otro impacto no especificado al aprovechar el uso de la llamada al sis... • https://github.com/beraphin/CVE-2017-8890 • CWE-415: Double Free CWE-416: Use After Free •
CVE-2017-8831 – Ubuntu Security Notice USN-3420-2
https://notcve.org/view.php?id=CVE-2017-8831
08 May 2017 — The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. La función saa7164_bus_get en el archivo drivers/media/pci/saa7164/saa7164-bus.c en el kernel de Linux hasta versión 4.11.5, permite a los usuarios locales causar una denegación de servicio (acceso de matr... • http://www.securityfocus.com/archive/1/540770/30/0/threaded • CWE-125: Out-of-bounds Read •
CVE-2015-9004
https://notcve.org/view.php?id=CVE-2015-9004
02 May 2017 — kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. kernel/events/core.c en el kernel de Linux anterior a la versión 3.19 no gestiona correctamente el contador grouping, lo que permite a usuarios locales escalar privilegios a través de una aplicación especialmente diseñada para provechar el fallo, relacionado con la apertura de funciones the per... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511 • CWE-264: Permissions, Privileges, and Access Controls •