CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18208 – kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service
https://notcve.org/view.php?id=CVE-2017-18208
01 Mar 2018 — The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. La función madvise_willneed en mm/madvise.c en el kernel de Linux, en versiones anteriores a la 4.14.4, permite que usuarios locales provoquen una denegación de servicio (bucle infinito) desencadenando el uso de MADVISE_WILLNEED para un mapeo DAX. The madvise_willneed function in the Linux kernel allows local ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18203 – kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
https://notcve.org/view.php?id=CVE-2017-18203
27 Feb 2018 — The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. La función dm_get_from_kobject en drivers/md/dm.c en el kernel de Linux, en versiones anteriores a la 4.14.3, permite que usuarios locales provoquen una denegación de servicio (bug) aprovechando una condición de carrera en __dm_destroy durante la creación y eliminación de disposit... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18202 – kernel: Infoleak/use-after-free in __oom_reap_task_mm function in mm/oom_kill.c
https://notcve.org/view.php?id=CVE-2017-18202
27 Feb 2018 — The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. La función __oom_reap_task_mm en mm/oom_kill.c en el kernel de Linux, en versiones anteriores a la 4.14.4, gestiona de manera incorrecta las operaciones de recopilación. Esto permite que los atacantes provo... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=687cb0884a714ff484d038e9190edc874edcf146 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-7492
https://notcve.org/view.php?id=CVE-2018-7492
26 Feb 2018 — A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. Se ha encontrado una desreferencia de puntero NULL en la función net/rds/rdma.c __rds_rdma_map() en el kernel de Linux, en versiones anteriores a la 4.14.7, que permite que atacantes locales provoquen un error en el sistema y una denegación de servicio (DoS). Esto se rela... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18200
https://notcve.org/view.php?id=CVE-2017-18200
26 Feb 2018 — The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. La implementación f2fs en el kernel de Linux, en versiones anteriores a la 4.14, gestiona erróneamente las cuentas asociadas a las llamadas f2fs_wait_discard_bios. Esto permite que usuarios locales provoquen una denegación de servicio (bug), tal y como demuestra fstrim. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7480
https://notcve.org/view.php?id=CVE-2018-7480
25 Feb 2018 — The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. La función blkcg_init_queue en block/blk-cgroup.c en el kernel de Linux, en versiones anteriores a la 4.11, permite que los usuarios locales provoquen una denegación de servicio (doble liberación) o, posiblemente, causen otros impactos no especificados desencadenando un fallo de creación. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18193
https://notcve.org/view.php?id=CVE-2017-18193
22 Feb 2018 — fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. fs/f2fs/extent_cache.c en el kernel de Linux, en versiones anteriores a la 4.13, gestiona de forma incorrecta los árboles extent, lo que permite que usuarios locales provoquen una denegación de servicio (error) mediante una aplicación con múltiples hilos. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-7273 – Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
https://notcve.org/view.php?id=CVE-2018-7273
21 Feb 2018 — In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. En el kernel de Linux hasta la versión 4.15.4, el controlador del disquete revela las direcciones de las funciones del kernel y las variables glob... • https://www.exploit-db.com/exploits/44325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
https://notcve.org/view.php?id=CVE-2018-6927
12 Feb 2018 — The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando u... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18174
https://notcve.org/view.php?id=CVE-2017-18174
11 Feb 2018 — In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. En el kernel de Linux, en versiones anteriores a la 4.7, la función amd_gpio_remove en drivers/pinctrl/pinctrl-amd.c llama a la función pinctrl_unregister, lo que conduce a una doble liberación (double free). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=251e22abde21833b3d29577e4d8c7aaccd650eee • CWE-415: Double Free •