CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-7482 – kernel: net/rxrpc: overflow in decoding of krb5 principal
https://notcve.org/view.php?id=CVE-2017-7482
03 Jul 2017 — In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. en el kernel de Linux en versiones anteriores a la 4.12, los tickets de Kerberos 5 descifrados al emplear las claves RXRPC de forma incorrecta asumen el tamaño de un campo. Esto podría ... • http://seclists.org/oss-sec/2017/q2/602 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9986
https://notcve.org/view.php?id=CVE-2017-9986
28 Jun 2017 — The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. La función intr en el archivo sound/oss/msnd_pinnacle.c en el kernel de Linux hasta la versión 4.11.7 permite a usuarios locales causar una denegación de servicio (acceso por encima del l... • http://www.securityfocus.com/bid/99336 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-9985 – Ubuntu Security Notice USN-3469-2
https://notcve.org/view.php?id=CVE-2017-9985
28 Jun 2017 — The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. La función snd_msndmidi_input_read en el archivo sound/isa/msnd/msnd_midi.c en el kernel de Linux hasta la versión 4.11.7 permite a los usuarios locales causar una den... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-9984 – Ubuntu Security Notice USN-3469-2
https://notcve.org/view.php?id=CVE-2017-9984
28 Jun 2017 — The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. La función snd_msnd_interrupt en el archivo sound/isa/msnd/msnd_pinnacle.c en el kernel de Linux hasta la versión 4.11.7 permite a los usuarios locales causar una deneg... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1000363 – Ubuntu Security Notice USN-3333-1
https://notcve.org/view.php?id=CVE-2017-1000363
20 Jun 2017 — Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. Una escritura fuera de límites en el archivo drivers/ch... • http://www.debian.org/security/2017/dsa-3945 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1000365 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000365
19 Jun 2017 — The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. El Kernel de Linux impone una restricción de tamaño en los argumentos y cadenas de entorno pasados por medio ... • http://www.debian.org/security/2017/dsa-3927 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2017-1000379 – Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000379
19 Jun 2017 — The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. El Kernel de Linux ejecutándose en sistemas AMD64 a veces asignará el contenido de un ejecutable PIE, la región heap o el archivo ld.so donde la pila es asignada, permitiendo a los atacantes manipular más fácilmente la pila. Kernel de Linux versión 4.11.5, esta afectado. The... • https://packetstorm.news/files/id/143205 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-1000364 – Solaris - RSH Stack Clash Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000364
19 Jun 2017 — An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). Se ha descubierto un problema en el tamaño de la página de stack guard en Linux; específicamente, una página 4k stack guard no es lo suficientemente grande y puede "saltarse" (se omite la página de stack guard). Esto afe... • https://packetstorm.news/files/id/149804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000380 – kernel: information leak due to a data race in ALSA timer
https://notcve.org/view.php?id=CVE-2017-1000380
17 Jun 2017 — sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. El archivo sound/core/timer.c en el kernel de Linux anterior a versión 4.11.5, es vulnerable a una carrera de datos en el controlador de /dev/snd/timer de ALSA, resultando en que los usuarios locales sean capace... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9605 – Debian Security Advisory 3927-1
https://notcve.org/view.php?id=CVE-2017-9605
13 Jun 2017 — The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitializ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07678eca2cf9c9a18584e546c2b2a0d0c9a3150c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •