CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12168
https://notcve.org/view.php?id=CVE-2017-12168
20 Sep 2017 — The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). La función access_pmu_evcntr en arch/arm64/kvm/sys_regs.c en el kernel Linux en versiones anteriores a la 4.8.11 permite que los usuarios KVM invitados del sistema operativo provoquen una denegación de servicio (fallo de aserción y cierre inesp... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-14497
https://notcve.org/view.php?id=CVE-2017-14497
15 Sep 2017 — The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. La función tpacket_rcv en net/packet/af_packet.c en el kernel de Linux en versiones anteriores a la 4.13 no gestiona correctamente cabeceras vnet, lo que podría permitir que usuarios locales provoquen una denegación de servicio... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edbd58be15a957f6a760c4a514cd475217eb97fd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14340 – kernel: xfs: unprivileged user kernel oops
https://notcve.org/view.php?id=CVE-2017-14340
15 Sep 2017 — The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. La macro XFS_IS_REALTIME_INODE en fs/xfs/xfs_linux.h en el kernel de Linux en versiones anteriores a la 4.13.2 no verifica que un sistema de archivos tenga un dispositivo realtime, lo que permite que usuarios loc... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc • CWE-391: Unchecked Error Condition CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14489 – Linux Kernel < 4.14.rc3 - Local Denial of Service
https://notcve.org/view.php?id=CVE-2017-14489
15 Sep 2017 — The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. La función iscsi_if_rx en drivers/scsi/scsi_transport_iscsi.c en el kernel de Linux hasta la versión 4.13.2 permite que usuarios locales provoquen una denegación de servicio (pánico) aprovechando que se realiza una validación de longitud incorrecta. Linux kernel versions prior to 4-14-rc3 suffer from a local deni... • https://www.exploit-db.com/exploits/42932 • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 16%CPEs: 43EXPL: 6CVE-2017-1000251 – Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-1000251
12 Sep 2017 — The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas... • https://www.exploit-db.com/exploits/42762 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2017-12146
https://notcve.org/view.php?id=CVE-2017-12146
08 Sep 2017 — The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. La implementación driver_override en drivers/base/platform.c en el kernel de Linux en versiones anteriores a la 4.12.1 permite que los usuarios locales obtengan privilegios mediante el uso de una condición de carrera causada por una operación de lectura y otra de al... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6265539776a0810b7ce6398c27866ddb9c6bd154 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14156
https://notcve.org/view.php?id=CVE-2017-14156
05 Sep 2017 — The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. La función atyfb_ioctl en drivers/video/fbdev/aty/atyfb_base.c en las versiones de Linux kernel hasta la 4.12.10 no inicializa una estructura de datos específica. Esto permite a los usuarios locales obtener información sensible de ... • http://www.debian.org/security/2017/dsa-3981 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14140 – kernel: Missing permission check in move_pages system call
https://notcve.org/view.php?id=CVE-2017-14140
05 Sep 2017 — The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. La llamada al sistema move_pages en mm/migrate.c en versiones anteriores a la 4.12.9 del kernel Linux no verifica correctamente el id de usuario del proceso objetivo. Esto permite que un atacante local aprenda la distribución de la memoria de un ejecutable setuid a pesar de la ASLR. The mo... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197e7e521384a23b9e585178f3f11c9fa08274b9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14106 – kernel: Divide-by-zero in __tcp_select_window
https://notcve.org/view.php?id=CVE-2017-14106
01 Sep 2017 — The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. La función tcp_disconnect en net/ipv4/tcp.c en el kernel de Linux en versiones anteriores a la 4.12 permite que usuarios locales provoquen una denegación de servicio allows local users to cause a denial of service (error __tcp_select_window de división por ce... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=499350a5a6e7512d9ed369ed63a4244b6536f4f8 • CWE-369: Divide By Zero •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14051
https://notcve.org/view.php?id=CVE-2017-14051
31 Aug 2017 — An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. Un desbordamiento de enteros en la función qla2x00_sysfs_write_optrom_ctl en drivers/scsi/qla2xxx/qla_attr.c en el kernel de Linux hasta la versión 4.12.10 permite que los usuarios locales provoquen una denegación de servicio (corrupción de memoria y fallo de si... • http://www.securityfocus.com/bid/100571 • CWE-190: Integer Overflow or Wraparound •