CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15274 – kernel: dereferencing NULL payload with nonzero length
https://notcve.org/view.php?id=CVE-2017-15274
12 Oct 2017 — security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. security/keys/keyctl.c en el kernel de Linux en versiones anteriores a la 4.11.5 no tiene en cuenta el caso de una carga útil NULL junto con un valor de longitud que no sea cero, lo qu... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12192 – kernel: NULL pointer dereference due to KEYCTL_READ on negative key
https://notcve.org/view.php?id=CVE-2017-12192
12 Oct 2017 — The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. La función keyctl_read_key en security/keys/keyctl.c en el subcomponente Key Management en el kernel de Linux en versiones anteriores a la 4.13.5 no considera correctamente que se puede ten... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12188 – Kernel: KVM: MMU potential stack buffer overrun during page walks
https://notcve.org/view.php?id=CVE-2017-12188
11 Oct 2017 — arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." arch/x86/kvm/mmu.c en el kernel de Linux hasta 4.13.5, cuando se utiliza la virtualización anidada, no atraviesa adecuadamente las... • http://www.securityfocus.com/bid/101267 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14991 – Ubuntu Security Notice USN-3469-2
https://notcve.org/view.php?id=CVE-2017-14991
03 Oct 2017 — The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. La función sg_ioctl en drivers/scsi/sg.c en el kernel de Linux en versiones anteriores a la 4.13.4 permite que los usuarios locales obtengan información sensible de zonas de la memoria dinámica del kernek no inicializadas mediante una llamada IOCTL SG_GET_REQUEST_TABLE a /dev/sg0. A... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14954 – Ubuntu Security Notice USN-3487-1
https://notcve.org/view.php?id=CVE-2017-14954
01 Oct 2017 — The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call. La implementación waitid en kernel/exit.c en el kernel de Linux hasta la versión 4.13.4 accede a estructuras de datos rusage en casos que no debería, lo que permite a los usuarios locales obtener información sensible y omitir el mecanismo de protección ... • https://github.com/echo-devim/exploit_linux_kernel4.13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12154 – Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register
https://notcve.org/view.php?id=CVE-2017-12154
26 Sep 2017 — The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. La función prepare_vmcs02 en arch/x86/kvm/vmx.c en el kernel de Linux hasta la versión 4.13.3 no asegura que los controles L0 vmcs02 "CR8-load exiting" y "CR8-store exiting" ex... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000252 – kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ
https://notcve.org/view.php?id=CVE-2017-1000252
26 Sep 2017 — The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. El subsistema KVM en el kernel de Linux hasta la versión 4.13.3 permite que los usuarios invitados del sistema operativo provoquen una denegación de servicio (fallo de aserción y bloqueo o cierre inesperado del hipervisor) mediante un valor guest_irq fuera de límite... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12153 – Ubuntu Security Notice USN-3469-2
https://notcve.org/view.php?id=CVE-2017-12153
21 Sep 2017 — A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. Se descubrió un fallo de seguridad en la función nl80211_set_rekey_data() en net/wireless/nl80211.c en el kernel de Linux hasta la versión 4.13.3. La... • http://seclists.org/oss-sec/2017/q3/437 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-14497
https://notcve.org/view.php?id=CVE-2017-14497
15 Sep 2017 — The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. La función tpacket_rcv en net/packet/af_packet.c en el kernel de Linux en versiones anteriores a la 4.13 no gestiona correctamente cabeceras vnet, lo que podría permitir que usuarios locales provoquen una denegación de servicio... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edbd58be15a957f6a760c4a514cd475217eb97fd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14340 – kernel: xfs: unprivileged user kernel oops
https://notcve.org/view.php?id=CVE-2017-14340
15 Sep 2017 — The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. La macro XFS_IS_REALTIME_INODE en fs/xfs/xfs_linux.h en el kernel de Linux en versiones anteriores a la 4.13.2 no verifica que un sistema de archivos tenga un dispositivo realtime, lo que permite que usuarios loc... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc • CWE-391: Unchecked Error Condition CWE-476: NULL Pointer Dereference •