CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16538
https://notcve.org/view.php?id=CVE-2017-16538
04 Nov 2017 — drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). drivers/media/usb/dvb-usb-v2/lmedm04.c en el kernel de Linux hasta la versión 4.13.10 permite que los usuarios locales provoquen una denegación de servic... • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2017-16528
https://notcve.org/view.php?id=CVE-2017-16528
04 Nov 2017 — sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. sound/core/seq_device.c en el kernel de Linux, en versiones anteriores a la 4.13.4, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada snd_rawmidi_dev_seq_free y cierre inesperado del sistema) o, posiblemente, causen otros ... • https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0CVE-2017-16525
https://notcve.org/view.php?id=CVE-2017-16525
04 Nov 2017 — The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. La función usb_serial_console_disconnect en drivers/usb/serial/console.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (uso de... • http://www.securityfocus.com/bid/102028 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2017-16529
https://notcve.org/view.php?id=CVE-2017-16529
04 Nov 2017 — The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. La función snd_usb_create_streams en sound/usb/card.c en el kernel de Linux, en versiones anteriores a la 4.13.6, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen o... • http://www.securityfocus.com/bid/103284 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16531
https://notcve.org/view.php?id=CVE-2017-16531
04 Nov 2017 — drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. drivers/usb/core/config.c en el kernel de Linux, en versiones anteriores a la 4.13.6, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen otr... • http://www.securityfocus.com/bid/102025 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15951
https://notcve.org/view.php?id=CVE-2017-15951
28 Oct 2017 — The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.13.10 no sincroniza correctamente las acciones de actualización con las de detección de una clave en el estado "negative" para evitar una... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 8CVE-2017-5123 – Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-5123
25 Oct 2017 — Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. Una comprobación de datos insuficiente en waitid permitía a un usuario escapar de los sandbox en Linux • https://www.exploit-db.com/exploits/43127 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15649 – Linux Kernel - 'AF_PACKET' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-15649
19 Oct 2017 — net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a... • https://www.exploit-db.com/exploits/44053 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-7558 – kernel: Out of bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() in SCTP stack
https://notcve.org/view.php?id=CVE-2017-7558
19 Oct 2017 — A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. Se ha encontrado una fuga de datos del kernel debido a una lectura fuera de límites en el kernel de Linux en la... • http://seclists.org/oss-sec/2017/q3/338 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15537
https://notcve.org/view.php?id=CVE-2017-15537
17 Oct 2017 — The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. El subsistema x86/fpu (Floating Point Unit) en el kernel de Linux en versiones an... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •