CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-11473 – kernel: Buffer overflow in mp_override_legacy_irq()
https://notcve.org/view.php?id=CVE-2017-11473
20 Jul 2017 — Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. Desbordamiento de búfer en la función mp_override_legacy_irq() en arch/x86/kernel/acpi/boot.c en el kernel de Linux hasta la versión 3.2 permite que los usuarios locales obtengan privilegios mediante una tabla ACPI manipulada. Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux ... • http://www.securityfocus.com/bid/100010 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 10CVE-2017-11176 – Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-11176
11 Jul 2017 — The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. La función mq_notify en el kernel de Linux hasta versión 4.11.9 no se ajusta el puntero sock a NULL al ingresar a la lógica de reintento. Durante un cierre de espacio de usuario de un socket Netlink, permite que los atacantes c... • https://packetstorm.news/files/id/149707 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-9985 – Ubuntu Security Notice USN-3469-2
https://notcve.org/view.php?id=CVE-2017-9985
28 Jun 2017 — The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. La función snd_msndmidi_input_read en el archivo sound/isa/msnd/msnd_midi.c en el kernel de Linux hasta la versión 4.11.7 permite a los usuarios locales causar una den... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-9984 – Ubuntu Security Notice USN-3469-2
https://notcve.org/view.php?id=CVE-2017-9984
28 Jun 2017 — The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. La función snd_msnd_interrupt en el archivo sound/isa/msnd/msnd_pinnacle.c en el kernel de Linux hasta la versión 4.11.7 permite a los usuarios locales causar una deneg... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1000363 – Ubuntu Security Notice USN-3333-1
https://notcve.org/view.php?id=CVE-2017-1000363
20 Jun 2017 — Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. Una escritura fuera de límites en el archivo drivers/ch... • http://www.debian.org/security/2017/dsa-3945 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 5CVE-2017-1000371 – Linux Kernel - 'offset2lib' Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000371
19 Jun 2017 — The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.... • https://packetstorm.news/files/id/143204 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 4CVE-2017-1000370 – Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000370
19 Jun 2017 — The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems. El parche offset2lib tal como es usado por el... • https://packetstorm.news/files/id/143204 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5321
https://notcve.org/view.php?id=CVE-2010-5321
24 Apr 2017 — Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsiste... • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16537 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-16537
03 Apr 2017 — The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. La función imon_probe en drivers/media/rc/imon.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o, posiblemente, causen otro... • https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
03 Apr 2017 — The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •