CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-19824 – kernel: Use-after-free in sound/usb/card.c:usb_audio_probe()
https://notcve.org/view.php?id=CVE-2018-19824
03 Dec 2018 — In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. En el kernel de Linux hasta la versión 4.19.6, un usuario local podría explotar memoria previamente liberada en el controlador ALSA suministrando un dispositivo de sonido USB malicioso (con cero interfaces) que no se maneja correctamente en usb_audio_probe en sound/usb/card.c. A flaw was ... • http://www.securityfocus.com/bid/106109 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19406
https://notcve.org/view.php?id=CVE-2018-19406
21 Nov 2018 — kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. kvm_pv_send_ipi en arch/x86/kvm/lapic.c en el kernel de Linux hasta la versión 4.19.2 permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL) mediante llamadas del sistema manipuladas que alcanzan una situación donde el mapa ap... • http://www.securityfocus.com/bid/105988 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-19407 – Ubuntu Security Notice USN-3878-1
https://notcve.org/view.php?id=CVE-2018-19407
21 Nov 2018 — The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. La función vcpu_scan_ioapic en arch/x86/kvm/x86.c en el kernel de Linux hasta la versión 4.19.2 permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULLy error) mediante llamadas del sistema manipuladas que alcanzan una sit... • http://www.securityfocus.com/bid/105987 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 9CVE-2018-18955 – Linux - Nested User Namespace idmap Limit Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-18955
16 Nov 2018 — In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced directi... • https://packetstorm.news/files/id/150489 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 2CVE-2018-18281 – kernel: TLB flush happens too late on mremap
https://notcve.org/view.php?id=CVE-2018-18281
29 Oct 2018 — Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. Desde la versión 3.2 del kernel de Linux, la syscall mremap(... • https://packetstorm.news/files/id/150001 • CWE-459: Incomplete Cleanup CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-18710 – Kernel Live Patch Security Notice LSN-0046-1
https://notcve.org/view.php?id=CVE-2018-18710
27 Oct 2018 — An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.19. Una fuga de información en cdrom_ioctl_select_disc en drivers/cdrom/cdrom.c podría ser empleada por atacantes locales para l... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18690 – kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change
https://notcve.org/view.php?id=CVE-2018-18690
26 Oct 2018 — In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. En el kernel de Linux en versiones anteriores a la 4.17, un atacante local que sea capaz de establecer atributos en un sistema de... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c • CWE-391: Unchecked Error Condition CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-18445 – kernel: Faulty computation of numberic bounds in the BPF verifier
https://notcve.org/view.php?id=CVE-2018-18445
17 Oct 2018 — In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. En el kernel de Linux 4.14.x, 4.15.x, 4.16.x, 4.17.x y versiones 4.18.x anteriores a la 4.18.13, el cálculo incorrecto de enlaces numéricos en el verificador BPF permite accesos a la memoria fuera de límites debido a que adjust_scalar_min_max_val... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14656
https://notcve.org/view.php?id=CVE-2018-14656
08 Oct 2018 — A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. La falta de una comprobación de direcciones en los llamantes de show_opcodes() en el kernel de Linux permite que un atacante vuelque la memoria del kernel en una dirección arbitraria del kernel en el registro dmesg. • http://www.securitytracker.com/id/1041804 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-18021 – kernel: Privilege escalation on arm64 via KVM hypervisor
https://notcve.org/view.php?id=CVE-2018-18021
07 Oct 2018 — arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validati... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93459d689d990b3ecfbe782fec89b97d3279 • CWE-20: Improper Input Validation •