CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16536 – Ubuntu Security Notice USN-3619-1
https://notcve.org/view.php?id=CVE-2017-16536
04 Nov 2017 — The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. La función cx231xx_usb_probe en drivers/media/usb/cx231xx/cx231xx-cards.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre in... • https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16538 – Ubuntu Security Notice USN-3631-2
https://notcve.org/view.php?id=CVE-2017-16538
04 Nov 2017 — drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). drivers/media/usb/dvb-usb-v2/lmedm04.c en el kernel de Linux hasta la versión 4.13.10 permite que los usuarios locales provoquen una denegación de servic... • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15951 – Ubuntu Security Notice USN-3485-2
https://notcve.org/view.php?id=CVE-2017-15951
28 Oct 2017 — The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.13.10 no sincroniza correctamente las acciones de actualización con las de detección de una clave en el estado "negative" para evitar una... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5321
https://notcve.org/view.php?id=CVE-2010-5321
24 Apr 2017 — Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsiste... • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
03 Apr 2017 — The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17807 – kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission
https://notcve.org/view.php?id=CVE-2017-17807
03 Apr 2017 — The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.14.6 omitía una compr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16649 – Ubuntu Security Notice USN-3822-2
https://notcve.org/view.php?id=CVE-2017-16649
03 Apr 2017 — The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. La función usbnet_generic_cdc_bind en drivers/net/usb/cdc_ether.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (error de división por cero y cierre inesperado del sistema) o... • http://www.securityfocus.com/bid/101761 • CWE-369: Divide By Zero •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16646 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-16646
03 Apr 2017 — drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. drivers/media/usb/dvb-usb/dib0700_devices.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (error y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB m... • http://www.securityfocus.com/bid/101846 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 2CVE-2018-5333 – Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-5333
03 Apr 2017 — In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. En el kernel de Linux hasta la versión 4.14.13, la función rds_cmsg_atomic en net/rds/rdma.c gestiona de manera incorrecta los casos en los que fracasa la asignación de páginas o cuando se proporciona una dirección no válida, lo que conduce a una desreferencia de puntero NULL en rds_atomic_f... • https://packetstorm.news/files/id/156053 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0CVE-2017-16532 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-16532
03 Apr 2017 — The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. La función get_endpoints en drivers/usb/misc/usbtest.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o, posiblemente,... • https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8 • CWE-476: NULL Pointer Dereference •