CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-7374 – Kernel Live Patch Security Notice LSN-0022-1
https://notcve.org/view.php?id=CVE-2017-7374
31 Mar 2017 — Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. Vulnerabilidad de uso después de liberación de memoria en fs/crypto/ en el kernel de Linux en versiones anteriores a 4.10.7 permite a usuarios locales provocar una denegación de servicio (refere... • https://github.com/ww9210/cve-2017-7374 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7346 – Debian Security Advisory 3927-1
https://notcve.org/view.php?id=CVE-2017-7346
30 Mar 2017 — The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_gb_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión4.10.7 no valida ciertos niveles de datos, lo que permite a usuarios locales provocar una denegación de servi... • http://marc.info/?l=linux-kernel&m=149086968410117&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 5CVE-2017-7308 – Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7308
29 Mar 2017 — The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. La función packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versión 4.10.6, no comprueba apropiadamente ciertos datos de tamaño de bloque, lo que ... • https://packetstorm.news/files/id/147685 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7294 – kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
https://notcve.org/view.php?id=CVE-2017-7294
29 Mar 2017 — The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.6 ... • http://www.securityfocus.com/bid/97177 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7277 – Ubuntu Security Notice USN-3314-1
https://notcve.org/view.php?id=CVE-2017-7277
28 Mar 2017 — The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. La pila TCP en el kernel de Linux hasta la versión 4.10.6 no maneja adecuadamente la funcionalidad SCM_TIMESTAMPING_OPT_STATS, lo que permite a usuarios locales obtener información s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a • CWE-125: Out-of-bounds Read •
CVSS: 6.6EPSS: 0%CPEs: 110EXPL: 0CVE-2017-7273 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2017-7273
27 Mar 2017 — The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. La función cp_report_fixup en drivers/hid/hid-cypress.c en el kernel de Linux 3.2 y 4.x en versiones anteriores a 4.9.4 permite a atacantes físicamente próximos provocar una denegación de servicio (desbordamiento inferior de entero) o posiblemente tener ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1ebb71143758f45dc0fa76e2f48429e13b16d110 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7261 – Ubuntu Security Notice USN-3291-1
https://notcve.org/view.php?id=CVE-2017-7261
24 Mar 2017 — The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.5 no verifica el valor cero de ciertos niveles de ... • http://marc.info/?t=149037004200005&r=1&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7187 – kernel: scsi: Stack-based buffer overflow in sg_ioctl function
https://notcve.org/view.php?id=CVE-2017-7187
20 Mar 2017 — The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. La función sg_ioctl en drivers/scsi/sg.c en el kernel de Linux hasta la versión 4.10.4 permite a usuarios locales provocar una denegación de servicio (desbordamiento de búfer basado en pila) ... • http://www.securityfocus.com/bid/96989 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-7184 – Linux Kernel XFRM Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-7184
19 Mar 2017 — The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. La función xfrm_replay_verify_len en net/xfrm/xfrm_user.c en el kernel ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2017-2636 – kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
https://notcve.org/view.php?id=CVE-2017-2636
07 Mar 2017 — Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Condición de carrera en drivers/tty/n_hdlc.c en el kernel de Linux hasta la versión 4.10.1 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (liberación doble) ajustando la línea de disciplina HDLC. A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdl... • https://github.com/alexzorin/cve-2017-2636-el • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-415: Double Free •