CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1000204 – kernel: Infoleak caused by incorrect handling of the SG_IO ioctl
https://notcve.org/view.php?id=CVE-2018-1000204
26 Jun 2018 — Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /de... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12633
https://notcve.org/view.php?id=CVE-2018-12633
22 Jun 2018 — An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and inf... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd23a7269834dc7c1f93e83535d16ebc44b75eba • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10723
https://notcve.org/view.php?id=CVE-2016-10723
21 Jun 2018 — An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle. ** EN D... • https://patchwork.kernel.org/patch/10395909 • CWE-399: Resource Management Errors •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5814
https://notcve.org/view.php?id=CVE-2018-5814
12 Jun 2018 — In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. En el kernel de Linux en versiones anteriores a la 4.16.11, 4.14.43, 4.9.102 y 4.4.133, múltiples errores de condición de carrera al gestionar operaciones probe, disconnect y rebind pueden explotarse para desencadenar una con... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12232 – kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor
https://notcve.org/view.php?id=CVE-2018-12232
12 Jun 2018 — In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. En net/socket.c en el kernel de Linux hasta la versión 4.17.1, hay una condición de carrera entr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12233
https://notcve.org/view.php?id=CVE-2018-12233
12 Jun 2018 — In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. En la función ea_get en fs/jfs/xattr.c en el kernel de Linux hasta la versión 4.17.1, un error de corrupción de... • http://www.securityfocus.com/bid/104452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2018-11508 – Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
https://notcve.org/view.php?id=CVE-2018-11508
28 May 2018 — The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. Se ha descubierto un problema en Moodle 3.x. Al sustituir URL en los portfolios, los usuarios pueden instanciar cualquier clase. Esto también puede ser explotado por usuarios que hayan iniciado sesión como invitados para lanzar un ataque DDoS. Linux kernel version 4.13 suffers from a compat_get_timex() kernel pointer leak vulnerability. • https://www.exploit-db.com/exploits/46208 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 2CVE-2018-1120 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1120
22 May 2018 — A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18270 – kernel: improper keyrings creation
https://notcve.org/view.php?id=CVE-2017-18270
18 May 2018 — In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. En el kernel de Linux, en versiones anteriores a la 4.13.5, un usuario local podría crear keyrings para otros usuarios mediante comandos keyctl, estableciendo configuraciones por defecto no deseadas o provocando una denegación de servicio (DoS). A flaw was found in the Linux kernel in the way a local user could create keyrings for other users vi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11232
https://notcve.org/view.php?id=CVE-2018-11232
18 May 2018 — The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. La función etm_setup_aux function en drivers/hwtracing/coresight/coresight-etm-perf.c en el kernel de Linux en versiones anteriores a la 4.10.2 permite que los atacantes provoquen una denegación de servicio (pánico) debido a que un parámetro se emplea de forma incorrecta como variabl... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f09444639099584bc4784dfcd85ada67c6f33e0f • CWE-20: Improper Input Validation •