CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 0CVE-2017-16914 – Ubuntu Security Notice USN-3619-1
https://notcve.org/view.php?id=CVE-2017-16914
31 Jan 2018 — The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. La función "stub_send_ret_submit()" (drivers/usb/usbip/stub_tx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.107, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante u... • http://www.securityfocus.com/bid/102150 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6412
https://notcve.org/view.php?id=CVE-2018-6412
31 Jan 2018 — In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. En la función sbusfb_ioctl_helper() en drivers/video/fbdev/sbuslib.c en el kernel de Linux hasta la versión 4.15, un error en la propiedad signedness de un número entero permite la fuga de información arbitraria para los comandos FBIOPUTCMAP_SPARC y FBIOGETCMAP_SPARC. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5750 – kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
https://notcve.org/view.php?id=CVE-2018-5750
26 Jan 2018 — The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. La función acpi_smbus_hc_add en drivers/acpi/sbshc.c en el kernel de Linux hastas la versión 4.14.15 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg de una llamada SBS HC printk. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.1... • http://www.securitytracker.com/id/1040319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18075 – kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service
https://notcve.org/view.php?id=CVE-2017-18075
24 Jan 2018 — crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. crypto/pcrypt.c en el kernel de Linux en versiones anteriores a la 4.14.13 gestiona de manera incorrecta la liberación de instancias, lo que permi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68 • CWE-628: Function Call with Incorrectly Specified Arguments CWE-763: Release of Invalid Pointer or Reference •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5703
https://notcve.org/view.php?id=CVE-2018-5703
16 Jan 2018 — The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. La función tcp_v6_syn_recv_sock en net/ipv6/tcp_ipv6.c en el kernel de Linux, en versiones hasta la 4.14.11, permite que los atacantes provoquen una denegación de servicio (escritura fuera de límites del bloque) o, posiblemente, causen otros impactos no especificados mediante ... • https://groups.google.com/d/msg/syzkaller-bugs/0PBeVnSzfqQ/5eXAlM46BQAJ • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17975 – Debian Security Advisory 4188-1
https://notcve.org/view.php?id=CVE-2017-17975
30 Dec 2017 — Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. Uso de memoria previamente liberada en la función usbtv_probe en drive... • http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17864 – Ubuntu Security Notice USN-3523-1
https://notcve.org/view.php?id=CVE-2017-17864
23 Dec 2017 — kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." kernel/bpf/verifier.c en el kernel de Linux hasta la versión 4.14.8 gestiona de manera incorrecta las comparaciones states_equal entre el tipo de datos del puntero y el tipo de datos UNKNOWN_VALUE, lo que permite que usuarios locales obtengan información d... • http://www.securityfocus.com/bid/102320 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17862 – Ubuntu Security Notice USN-3523-1
https://notcve.org/view.php?id=CVE-2017-17862
23 Dec 2017 — kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. kernel/bpf/verifier.c en el kernel de Linux hasta la versión 4.14.8 ignora el código inalcanzable, incluso aunque sea procesado por compiladores en tiempo de ejecución o JIT. Este comportamiento, que también se considera un problema de lóg... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17856
https://notcve.org/view.php?id=CVE-2017-17856
23 Dec 2017 — kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. kernel/bpf/verifier.c en el kernel de Linux, en versiones anteriores a la 4.14.8, permite que los usuarios locales provoquen una denegación de servicio (corrupción de memoria) o, posiblemente, causen otros impactos no especificados aprovechando la falta de aplicación de la alineaci... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a5ec6ae161d72f01411169a938fa5f8baea16e8f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17853
https://notcve.org/view.php?id=CVE-2017-17853
23 Dec 2017 — kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. kernel/bpf/verifier.c en el kernel de Linux, en versiones anteriores a la 4.14.8, permite que los usuarios locales provoquen una denegación de servicio (corrupción de memoria) o, posiblemente, causen otros impactos no especificados aprovechando cálculos incorrectos de límites BPF_RSH ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4374f256ce8182019353c0c639bb8d0695b4c941 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •