CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-18021 – kernel: Privilege escalation on arm64 via KVM hypervisor
https://notcve.org/view.php?id=CVE-2018-18021
07 Oct 2018 — arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validati... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93459d689d990b3ecfbe782fec89b97d3279 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-17972 – kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks
https://notcve.org/view.php?id=CVE-2018-17972
03 Oct 2018 — An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. Se descubrió un problema en la función proc_pid_stack en fs/proc/base.c en el kernel de Linux hasta la versión 4.18.11. No asegura que solo root pueda inspeccionar la pila del kernel de una tarea arbitraria, lo que permite... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4EPSS: 0%CPEs: 15EXPL: 0CVE-2018-9363 – kernel: Buffer overflow in hidp_process_report
https://notcve.org/view.php?id=CVE-2018-9363
02 Oct 2018 — In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. Hay un desbordamiento de enteros en hidp_process_report en bluetooth. • https://access.redhat.com/errata/RHSA-2018:2948 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 20EXPL: 0CVE-2018-14633 – kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target
https://notcve.org/view.php?id=CVE-2018-14633
25 Sep 2018 — A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system... • http://www.securityfocus.com/bid/105388 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 6CVE-2018-17182 – Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-17182
19 Sep 2018 — An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.18.8. La función vmacache_flush_all en mm/vmacache.c manipula incorrectamente los desbordamientos de números de secuencias. • https://packetstorm.news/files/id/149557 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2018-14641 – kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment()
https://notcve.org/view.php?id=CVE-2018-14641
18 Sep 2018 — A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service. Se ha encontrado un error de seguridad en la función ip_frag_reasm() en net/ipv4/ip_fragment.c en el kernel de Linux, desde la versión 4.19-rc1 a la 4.1... • https://access.redhat.com/errata/RHSA-2018:2948 • CWE-20: Improper Input Validation CWE-456: Missing Initialization of a Variable •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10853 – kernel: kvm: guest userspace to guest kernel write
https://notcve.org/view.php?id=CVE-2018-10853
11 Sep 2018 — A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. Se ha encontrado un error en la forma en la que el hipervisor KVM del kernel de Linux en versiones anteriores a la 4.18 emulaba instrucciones como sgdt/sidt/fxsave/fxrstor. No comprobó el nivel d... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-16658 – kernel: Information leak in cdrom_ioctl_drive_status
https://notcve.org/view.php?id=CVE-2018-16658
07 Sep 2018 — An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.18.6. Una fuga de información en cdrom_ioctl_drive_status en drivers/cdrom/cdrom.c podría ser empleada por atacantes locales para leer m... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2018-15594 – kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests
https://notcve.org/view.php?id=CVE-2018-15594
20 Aug 2018 — arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. arch/x86/kernel/paravirt.c en el kernel de Linux en versiones anteriores a la 4.18.1 maneja incorrectamente algunas llamadas indirectas, lo que hace que sea más fácil para los atacantes realizar ataques Spectre-v2 contra guests paravirtuales. It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/p... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5800dc5c19f34e6e03b5adab1282535cb102fafd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-15572 – Ubuntu Security Notice USN-3776-1
https://notcve.org/view.php?id=CVE-2018-15572
20 Aug 2018 — The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. La función spectre_v2_select_mitigation en arch/x86/kernel/cpu/bugs.c en el kernel de Linux en versiones anteriores a la 4.18.1 no siempre completa RSB en un cambio de contexto, lo que hace que sea más fácil para los atacantes realizar ataques spectreRSB espacio de usuar... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346 •