CVSS: 8.6EPSS: 74%CPEs: 4EXPL: 0CVE-2017-8797 – kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand
https://notcve.org/view.php?id=CVE-2017-8797
02 Jul 2017 — The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system. El servidor NFSv4 en el kernel de Linux en versiones anteriores a la 4.11.3 no valida c... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9986
https://notcve.org/view.php?id=CVE-2017-9986
28 Jun 2017 — The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. La función intr en el archivo sound/oss/msnd_pinnacle.c en el kernel de Linux hasta la versión 4.11.7 permite a usuarios locales causar una denegación de servicio (acceso por encima del l... • http://www.securityfocus.com/bid/99336 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-9985
https://notcve.org/view.php?id=CVE-2017-9985
28 Jun 2017 — The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. La función snd_msndmidi_input_read en el archivo sound/isa/msnd/msnd_midi.c en el kernel de Linux hasta la versión 4.11.7 permite a los usuarios locales causar una den... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-9984
https://notcve.org/view.php?id=CVE-2017-9984
28 Jun 2017 — The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. La función snd_msnd_interrupt en el archivo sound/isa/msnd/msnd_pinnacle.c en el kernel de Linux hasta la versión 4.11.7 permite a los usuarios locales causar una deneg... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1000363
https://notcve.org/view.php?id=CVE-2017-1000363
20 Jun 2017 — Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. Una escritura fuera de límites en el archivo drivers/ch... • http://www.debian.org/security/2017/dsa-3945 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2017-1000370 – Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000370
19 Jun 2017 — The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems. El parche offset2lib tal como es usado por el... • https://www.exploit-db.com/exploits/42274 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 3CVE-2017-1000371 – Linux Kernel - 'offset2lib' Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000371
19 Jun 2017 — The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.... • https://www.exploit-db.com/exploits/42273 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000364 – Solaris - RSH Stack Clash Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000364
19 Jun 2017 — An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). Se ha descubierto un problema en el tamaño de la página de stack guard en Linux; específicamente, una página 4k stack guard no es lo suficientemente grande y puede "saltarse" (se omite la página de stack guard). Esto afe... • https://www.exploit-db.com/exploits/45625 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2017-1000379 – Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000379
19 Jun 2017 — The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. El Kernel de Linux ejecutándose en sistemas AMD64 a veces asignará el contenido de un ejecutable PIE, la región heap o el archivo ld.so donde la pila es asignada, permitiendo a los atacantes manipular más fácilmente la pila. Kernel de Linux versión 4.11.5, esta afectado. • https://www.exploit-db.com/exploits/42275 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1000365
https://notcve.org/view.php?id=CVE-2017-1000365
19 Jun 2017 — The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. El Kernel de Linux impone una restricción de tamaño en los argumentos y cadenas de entorno pasados por medio ... • http://www.debian.org/security/2017/dsa-3927 •