CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7495 – kernel: ext4: power failure during write(2) causes on-disk information leak
https://notcve.org/view.php?id=CVE-2017-7495
15 May 2017 — fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. En el archivo fs/ext4/inode.c en el kernel de Linux anterior a versión 4.6.2, cuando es usado el modo data=ordered de ext4, maneja inapropiadamente una lista de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7487
https://notcve.org/view.php?id=CVE-2017-7487
14 May 2017 — The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. La función ipxitf_ioctl en el archivo net/ipx/af_ipx.c en el kernel de Linux hasta la versión 4.11.1, maneja inapropiadamente conteos de referencias, lo que permite a los usuarios locales causar una denegación de servicio (uso de m... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80 • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8924
https://notcve.org/view.php?id=CVE-2017-8924
12 May 2017 — The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. La función edge_bulk_in_callback en drivers/usb/serial/io_ti.c en el kernel de Linux anterior a 4.10.4 permite a los usuarios locales obtener información sensible (en el dmesg ringbuffer y s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8925
https://notcve.org/view.php?id=CVE-2017-8925
12 May 2017 — The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. La función omninet_open en drivers/usb/serial/omninet.c en kernel de Linux anterior a 4.10.4 permite a los usuarios locales causar una denegación de servicio (agotamiento de tty) aprovechando el manejo incorrecto del contador de referencia. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30572418b445d85fcfe6c8fe84c947d2606767d8 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-7472 – Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
https://notcve.org/view.php?id=CVE-2017-7472
11 May 2017 — The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. El subsistema KEYS en el kernel de Linux anterior a 4.10.13 permite a los usuarios locales causar una denegación de servicio (consumo de memoria) a través de una serie de llamadas KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring. A vulnerability was found in the Linux kernel where the keyctl_set_reqk... • https://www.exploit-db.com/exploits/42136 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 3CVE-2017-8890 – kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
https://notcve.org/view.php?id=CVE-2017-8890
10 May 2017 — The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. La función inet_csk_clone_lock en net / ipv4 / inet_connection_sock.c en el kernel de Linux hasta la versión 4.10.15 permite a los atacantes causar una denegación de servicio (double free) u otro impacto no especificado al aprovechar el uso de la llamada al sis... • https://github.com/beraphin/CVE-2017-8890 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8831
https://notcve.org/view.php?id=CVE-2017-8831
08 May 2017 — The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. La función saa7164_bus_get en el archivo drivers/media/pci/saa7164/saa7164-bus.c en el kernel de Linux hasta versión 4.11.5, permite a los usuarios locales causar una denegación de servicio (acceso de matr... • http://www.securityfocus.com/archive/1/540770/30/0/threaded • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 88%CPEs: 8EXPL: 0CVE-2017-7895 – kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests
https://notcve.org/view.php?id=CVE-2017-7895
28 Apr 2017 — The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. Las implementaciones de los servidores NFSv2 y NFSv3 en versiones del kernel de Linux 4.10.13 y anteriores, no realizan ciertas comprobaciones de la parte final de un búfer lo que permitiría a atacantes rem... • http://www.debian.org/security/2017/dsa-3886 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7477 – kernel: net: Heap overflow in skb_to_sgvec in macsec.c
https://notcve.org/view.php?id=CVE-2017-7477
25 Apr 2017 — Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. Un desbordamiento de buffer basado en memoria dinámica en drivers/net/macsec.c del módulo MACsec en el kernel del Linux hasta la versión 4.10.12, permitiría a los ataca... • http://www.securityfocus.com/bid/98014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5321
https://notcve.org/view.php?id=CVE-2010-5321
24 Apr 2017 — Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsiste... • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 • CWE-772: Missing Release of Resource after Effective Lifetime •