CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7261 – Ubuntu Security Notice USN-3291-1
https://notcve.org/view.php?id=CVE-2017-7261
24 Mar 2017 — The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.5 no verifica el valor cero de ciertos niveles de ... • http://marc.info/?t=149037004200005&r=1&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7187 – kernel: scsi: Stack-based buffer overflow in sg_ioctl function
https://notcve.org/view.php?id=CVE-2017-7187
20 Mar 2017 — The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. La función sg_ioctl en drivers/scsi/sg.c en el kernel de Linux hasta la versión 4.10.4 permite a usuarios locales provocar una denegación de servicio (desbordamiento de búfer basado en pila) ... • http://www.securityfocus.com/bid/96989 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-7184 – Linux Kernel XFRM Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-7184
19 Mar 2017 — The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. La función xfrm_replay_verify_len en net/xfrm/xfrm_user.c en el kernel ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6874
https://notcve.org/view.php?id=CVE-2017-6874
14 Mar 2017 — Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts. Condición de carrera en kernel/ucount.c en el kernel de Linux hasta la versión 4.10.2 permite a usuarios locales provocar una denegación de servicio (uso después de liberación y caíd... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2017-2636 – kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
https://notcve.org/view.php?id=CVE-2017-2636
07 Mar 2017 — Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Condición de carrera en drivers/tty/n_hdlc.c en el kernel de Linux hasta la versión 4.10.1 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (liberación doble) ajustando la línea de disciplina HDLC. A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdl... • https://github.com/alexzorin/cve-2017-2636-el • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6347 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2017-6347
01 Mar 2017 — The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. La función ip_cmsg_recv_checksum en net/ipv4/ip_sockglue.c en el kernel de Linux en versiones anteriores a 4.10.1 tiene expectativas in... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6353 – Debian Security Advisory 3804-1
https://notcve.org/view.php?id=CVE-2017-6353
01 Mar 2017 — net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986. net/sctp/socket.c en el kernel de Linux en versiones hasta 4.10.1 no restringe adecuadamente las operaciones de despegue de la asociación durante varios estados de espera, l... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfcb9f4f99f1e9a49e43398a7bfbf56927544af1 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5669 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2017-5669
24 Feb 2017 — The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. La función do_shmat en ipc/shm.c en el kernel de Linux hasta la versión 4.9.12 no restringe la dirección calculada por cierta operación de redondeo, lo que permite a u... • http://www.debian.org/security/2017/dsa-3804 •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0570
https://notcve.org/view.php?id=CVE-2015-0570
09 May 2016 — Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. Desbordamiento de buffer basado en pila en la implementación de SET_WPS_IE IOCTL en wlan_hdd_hostapd.c en el controlador WLAN (también conocido como Wi-Fi) para... • http://source.android.com/security/bulletin/2016-05-01.html • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0571
https://notcve.org/view.php?id=CVE-2015-0571
09 May 2016 — The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. El controlador WLAN (también conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM... • http://source.android.com/security/bulletin/2016-05-01.html • CWE-862: Missing Authorization •