CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17450 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-17450
03 Apr 2017 — net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. net/netfilter/xt_osf.c en el kernel de Linux hasta la versión 4.14.4 no requiere la capacidad CAP_NET_ADMIN para operaciones "add_callback" y "remove_callback", lo que permite que usuarios locales omitan las restricc... • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html • CWE-862: Missing Authorization •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
03 Apr 2017 — The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a... • http://www.openwall.com/lists/oss-security/2017/12/04/2 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-7374 – Kernel Live Patch Security Notice LSN-0022-1
https://notcve.org/view.php?id=CVE-2017-7374
31 Mar 2017 — Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. Vulnerabilidad de uso después de liberación de memoria en fs/crypto/ en el kernel de Linux en versiones anteriores a 4.10.7 permite a usuarios locales provocar una denegación de servicio (refere... • https://github.com/ww9210/cve-2017-7374 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7346 – Debian Security Advisory 3927-1
https://notcve.org/view.php?id=CVE-2017-7346
30 Mar 2017 — The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_gb_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión4.10.7 no valida ciertos niveles de datos, lo que permite a usuarios locales provocar una denegación de servi... • http://marc.info/?l=linux-kernel&m=149086968410117&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 5CVE-2017-7308 – Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7308
29 Mar 2017 — The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. La función packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versión 4.10.6, no comprueba apropiadamente ciertos datos de tamaño de bloque, lo que ... • https://packetstorm.news/files/id/147685 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7294 – kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
https://notcve.org/view.php?id=CVE-2017-7294
29 Mar 2017 — The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.6 ... • http://www.securityfocus.com/bid/97177 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7277 – Ubuntu Security Notice USN-3314-1
https://notcve.org/view.php?id=CVE-2017-7277
28 Mar 2017 — The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. La pila TCP en el kernel de Linux hasta la versión 4.10.6 no maneja adecuadamente la funcionalidad SCM_TIMESTAMPING_OPT_STATS, lo que permite a usuarios locales obtener información s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a • CWE-125: Out-of-bounds Read •
CVSS: 6.6EPSS: 0%CPEs: 110EXPL: 0CVE-2017-7273 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2017-7273
27 Mar 2017 — The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. La función cp_report_fixup en drivers/hid/hid-cypress.c en el kernel de Linux 3.2 y 4.x en versiones anteriores a 4.9.4 permite a atacantes físicamente próximos provocar una denegación de servicio (desbordamiento inferior de entero) o posiblemente tener ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1ebb71143758f45dc0fa76e2f48429e13b16d110 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7261 – Ubuntu Security Notice USN-3291-1
https://notcve.org/view.php?id=CVE-2017-7261
24 Mar 2017 — The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.5 no verifica el valor cero de ciertos niveles de ... • http://marc.info/?t=149037004200005&r=1&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7187 – kernel: scsi: Stack-based buffer overflow in sg_ioctl function
https://notcve.org/view.php?id=CVE-2017-7187
20 Mar 2017 — The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. La función sg_ioctl en drivers/scsi/sg.c en el kernel de Linux hasta la versión 4.10.4 permite a usuarios locales provocar una denegación de servicio (desbordamiento de búfer basado en pila) ... • http://www.securityfocus.com/bid/96989 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •