CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8063
https://notcve.org/view.php?id=CVE-2017-8063
23 Apr 2017 — drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. drivers/media/usb/dvb-usb/cxusb.c en el kernel de Linux 4.9.x y 4.10.x en versiones anteriores a 4.10.12 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, que permite a usuarios... • http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.12 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-8064
https://notcve.org/view.php?id=CVE-2017-8064
23 Apr 2017 — drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. drivers/media/usb/dvb-usb-v2/dvb_usb_core.cen el kernel de Linux 4.9.x y 4.10.x en versiones anteriores a 4.10.12 interactúa incorrectamente con la opción C... • http://www.debian.org/security/2017/dsa-3886 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7979
https://notcve.org/view.php?id=CVE-2017-7979
19 Apr 2017 — The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. La característica cookie en la implementación del paq... • http://marc.info/?l=linux-netdev&m=149200742616349 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2017-7645 – kernel: nfsd: Incorrect handling of long RPC replies
https://notcve.org/view.php?id=CVE-2017-7645
18 Apr 2017 — The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. El servidor NFSv2/NFSv3 en el subsistema nfsd en el Kernel de Linux hasta la versión 4.10.11 permite a atacantes remotos provocar una denegación de servicio (caída de sistema) a través de una respuesta RPC larga, relacionada con net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c y fs/n... • http://www.debian.org/security/2017/dsa-3886 • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7889 – kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
https://notcve.org/view.php?id=CVE-2017-7889
17 Apr 2017 — The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. El subsistema mm en el kernel de Linux hasta la versión 3.2 no aplica adecuadamente el mecanismo de protección CONFIG_STRICT_DEVMEM, lo que permite... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94 • CWE-391: Unchecked Error Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7618
https://notcve.org/view.php?id=CVE-2017-7618
10 Apr 2017 — crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. crypto/ahash.c en el kernel de Linux hasta 4.10.9 permite a los atacantes causar una denegación de servicio (operación de API llamando a su propia devolución de llamada, y recursión infinita) activando EBUSY en una cola completa. • http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7616 – kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
https://notcve.org/view.php?id=CVE-2017-7616
10 Apr 2017 — Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. El manejo incorrecto de los errores en las syscalls set_mempolicy y mbind compat en mm/mempolicy.c en el kernel de Linux hasta la versión 4.10.9 permite a los usuarios locales obtener información confidencial de datos de pila no inicializados al activar... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 • CWE-388: 7PK - Errors CWE-390: Detection of Error Condition Without Action •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-2671 – Linux Kernel - 'ping' Local Denial of Service
https://notcve.org/view.php?id=CVE-2017-2671
05 Apr 2017 — The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. En LightDM en versiones hasta 1.22.0, un problema de directorio transversal en debian/guest-account.sh permite a atacantes locales allows local attackers poseer ubicaciones de... • https://www.exploit-db.com/exploits/42135 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000026 – kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
https://notcve.org/view.php?id=CVE-2018-1000026
03 Apr 2017 — Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. El kernel de Linux, al menos desde la versión v4.8, contiene una vulnerabilidad de validación de entradas in... • http://lists.openwall.net/netdev/2018/01/16/40 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17741
https://notcve.org/view.php?id=CVE-2017-17741
03 Apr 2017 — The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. La implementación KVM en el kernel de Linux hasta la versión 4.14.7 permite que atacantes remotos obtengan información potencialmente sensible de la memoria del kernel. Esto también se conoce como una lectura fuera de límites basada en pila write_mmio y está rel... • http://www.securityfocus.com/bid/102227 • CWE-125: Out-of-bounds Read •