CVSS: 7.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000026 – kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
https://notcve.org/view.php?id=CVE-2018-1000026
03 Apr 2017 — Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. El kernel de Linux, al menos desde la versión v4.8, contiene una vulnerabilidad de validación de entradas in... • http://lists.openwall.net/netdev/2018/01/16/40 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18204 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-18204
03 Apr 2017 — The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. La función ocfs2_setattr en fs/ocfs2/file.c en el kernel de Linux, en versiones anteriores a la 4.14.2, permite que usuarios locales provoquen una denegación de servicio (deadlock) mediante peticiones DIO. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17450 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-17450
03 Apr 2017 — net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. net/netfilter/xt_osf.c en el kernel de Linux hasta la versión 4.14.4 no requiere la capacidad CAP_NET_ADMIN para operaciones "add_callback" y "remove_callback", lo que permite que usuarios locales omitan las restricc... • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html • CWE-862: Missing Authorization •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
03 Apr 2017 — The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a... • http://www.openwall.com/lists/oss-security/2017/12/04/2 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2647 – kernel: Null pointer dereference in search_keyring
https://notcve.org/view.php?id=CVE-2017-2647
31 Mar 2017 — The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a 3.18 permite a los usuarios locales obtener privilegios o provocar una denegación de servicio (referencia a puntero NULL y bloqueo del sistema) a través de vec... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7346 – Debian Security Advisory 3927-1
https://notcve.org/view.php?id=CVE-2017-7346
30 Mar 2017 — The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_gb_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión4.10.7 no valida ciertos niveles de datos, lo que permite a usuarios locales provocar una denegación de servi... • http://marc.info/?l=linux-kernel&m=149086968410117&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 5CVE-2017-7308 – Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7308
29 Mar 2017 — The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. La función packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versión 4.10.6, no comprueba apropiadamente ciertos datos de tamaño de bloque, lo que ... • https://packetstorm.news/files/id/147685 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7294 – kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
https://notcve.org/view.php?id=CVE-2017-7294
29 Mar 2017 — The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.6 ... • http://www.securityfocus.com/bid/97177 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7277 – Ubuntu Security Notice USN-3314-1
https://notcve.org/view.php?id=CVE-2017-7277
28 Mar 2017 — The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. La pila TCP en el kernel de Linux hasta la versión 4.10.6 no maneja adecuadamente la funcionalidad SCM_TIMESTAMPING_OPT_STATS, lo que permite a usuarios locales obtener información s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7261 – Ubuntu Security Notice USN-3291-1
https://notcve.org/view.php?id=CVE-2017-7261
24 Mar 2017 — The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.5 no verifica el valor cero de ciertos niveles de ... • http://marc.info/?t=149037004200005&r=1&w=2 • CWE-20: Improper Input Validation •