CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18200
https://notcve.org/view.php?id=CVE-2017-18200
26 Feb 2018 — The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. La implementación f2fs en el kernel de Linux, en versiones anteriores a la 4.14, gestiona erróneamente las cuentas asociadas a las llamadas f2fs_wait_discard_bios. Esto permite que usuarios locales provoquen una denegación de servicio (bug), tal y como demuestra fstrim. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18193
https://notcve.org/view.php?id=CVE-2017-18193
22 Feb 2018 — fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. fs/f2fs/extent_cache.c en el kernel de Linux, en versiones anteriores a la 4.13, gestiona de forma incorrecta los árboles extent, lo que permite que usuarios locales provoquen una denegación de servicio (error) mediante una aplicación con múltiples hilos. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-7273 – Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
https://notcve.org/view.php?id=CVE-2018-7273
21 Feb 2018 — In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. En el kernel de Linux hasta la versión 4.15.4, el controlador del disquete revela las direcciones de las funciones del kernel y las variables glob... • https://www.exploit-db.com/exploits/44325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
https://notcve.org/view.php?id=CVE-2018-6927
12 Feb 2018 — The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando u... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18174
https://notcve.org/view.php?id=CVE-2017-18174
11 Feb 2018 — In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. En el kernel de Linux, en versiones anteriores a la 4.7, la función amd_gpio_remove en drivers/pinctrl/pinctrl-amd.c llama a la función pinctrl_unregister, lo que conduce a una doble liberación (double free). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=251e22abde21833b3d29577e4d8c7aaccd650eee • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6412
https://notcve.org/view.php?id=CVE-2018-6412
31 Jan 2018 — In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. En la función sbusfb_ioctl_helper() en drivers/video/fbdev/sbuslib.c en el kernel de Linux hasta la versión 4.15, un error en la propiedad signedness de un número entero permite la fuga de información arbitraria para los comandos FBIOPUTCMAP_SPARC y FBIOGETCMAP_SPARC. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-18079
https://notcve.org/view.php?id=CVE-2017-18079
29 Jan 2018 — drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. drivers/input/serio/i8042.c en el kernel de Linux en versiones anteriores a la 4.12.4 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que, posiblemente, tengan otro tipo de imp... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5750 – kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
https://notcve.org/view.php?id=CVE-2018-5750
26 Jan 2018 — The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. La función acpi_smbus_hc_add en drivers/acpi/sbshc.c en el kernel de Linux hastas la versión 4.14.15 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg de una llamada SBS HC printk. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.1... • http://www.securitytracker.com/id/1040319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2018-1000004 – kernel: Race condition in sound system can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-1000004
16 Jan 2018 — In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. En el kernel de Linux en versiones 4.12, 3.10, 2.6 y, probablemente, versiones anteriores, existe una vulnerabilidad en el sistema de sonido, lo que puede conducir a un deadlock y a una condición de denegación de servicio (DoS). In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerabilit... • http://seclists.org/oss-sec/2018/q1/51 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15127 – kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2017-15127
14 Jan 2018 — A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). Se encontró un error en la función hugetlb_mcopy_atomic_pte en mm/hugetlb.c en el kernel de Linux en versiones anteriores a la 4.13. Un desbloqueo superfluo implícito de página para la representación hugetlbfs de VM_SHARED podría desembocar una denegación de servicio local (error). A flaw w... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995 • CWE-460: Improper Cleanup on Thrown Exception •