CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-8065
https://notcve.org/view.php?id=CVE-2017-8065
23 Apr 2017 — crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. crypto/ccm.c en el kernel de Linux 4.9.x y 4.10.x hasta la versión 4.10.12 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, que permite a usuarios locales provocar una denegac... • http://www.openwall.com/lists/oss-security/2017/04/16/4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-8064 – Ubuntu Security Notice USN-3314-1
https://notcve.org/view.php?id=CVE-2017-8064
23 Apr 2017 — drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. drivers/media/usb/dvb-usb-v2/dvb_usb_core.cen el kernel de Linux 4.9.x y 4.10.x en versiones anteriores a 4.10.12 interactúa incorrectamente con la opción C... • http://www.debian.org/security/2017/dsa-3886 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2017-7645 – kernel: nfsd: Incorrect handling of long RPC replies
https://notcve.org/view.php?id=CVE-2017-7645
18 Apr 2017 — The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. El servidor NFSv2/NFSv3 en el subsistema nfsd en el Kernel de Linux hasta la versión 4.10.11 permite a atacantes remotos provocar una denegación de servicio (caída de sistema) a través de una respuesta RPC larga, relacionada con net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c y fs/n... • http://www.debian.org/security/2017/dsa-3886 • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7889 – kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
https://notcve.org/view.php?id=CVE-2017-7889
17 Apr 2017 — The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. El subsistema mm en el kernel de Linux hasta la versión 3.2 no aplica adecuadamente el mecanismo de protección CONFIG_STRICT_DEVMEM, lo que permite... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94 • CWE-391: Unchecked Error Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7618 – Ubuntu Security Notice USN-3312-2
https://notcve.org/view.php?id=CVE-2017-7618
10 Apr 2017 — crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. crypto/ahash.c en el kernel de Linux hasta 4.10.9 permite a los atacantes causar una denegación de servicio (operación de API llamando a su propia devolución de llamada, y recursión infinita) activando EBUSY en una cola completa. USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update p... • http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16537 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-16537
03 Apr 2017 — The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. La función imon_probe en drivers/media/rc/imon.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o, posiblemente, causen otro... • https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
03 Apr 2017 — The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17807 – kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission
https://notcve.org/view.php?id=CVE-2017-17807
03 Apr 2017 — The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.14.6 omitía una compr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16649 – Ubuntu Security Notice USN-3822-2
https://notcve.org/view.php?id=CVE-2017-16649
03 Apr 2017 — The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. La función usbnet_generic_cdc_bind en drivers/net/usb/cdc_ether.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (error de división por cero y cierre inesperado del sistema) o... • http://www.securityfocus.com/bid/101761 • CWE-369: Divide By Zero •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16646 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-16646
03 Apr 2017 — drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. drivers/media/usb/dvb-usb/dib0700_devices.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (error y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB m... • http://www.securityfocus.com/bid/101846 • CWE-476: NULL Pointer Dereference •