CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 4CVE-2017-1000405 – Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page
https://notcve.org/view.php?id=CVE-2017-1000405
30 Nov 2017 — The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow u... • https://www.exploit-db.com/exploits/44305 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15116 – kernel: Null pointer dereference in rngapi_reset function
https://notcve.org/view.php?id=CVE-2017-15116
30 Nov 2017 — The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). La función rngapi_reset en crypto/rng.c en el kernel de Linux en versiones anteriores a la 4.2 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL). A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-17053
https://notcve.org/view.php?id=CVE-2017-17053
29 Nov 2017 — The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y. La función init_new_context en arch/x86/include/asm/mmu_context.h en el kernel de Linux en versiones ante... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17052
https://notcve.org/view.php?id=CVE-2017-17052
29 Nov 2017 — The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. La función mm_init en kernel/fork.c en el kernel de Linux en versiones anteriores a la 4.12.10 no elimina el miembro ->exe_file del mm_struct de un nuevo proceso. Esto permite que un atacante local logre un uso de memoria previamente li... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b7e8665b4ff51c034c55df3cff76518d1a9ee3a • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 2CVE-2017-16939 – Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-16939
24 Nov 2017 — The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. La implementación de políticas de volcado XFRM en net/xfrm/xfrm_user.c en el kernel de Linux en versiones anteriores a la 4.13.11 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (uso de me... • https://www.exploit-db.com/exploits/44049 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12193 – kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation
https://notcve.org/view.php?id=CVE-2017-12193
22 Nov 2017 — The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versiones anteriores a la 4.13.11 gestiona de manera incorrecta la división d... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12190 – kernel: memory leak when merging buffers in SCSI IO vectors
https://notcve.org/view.php?id=CVE-2017-12190
22 Nov 2017 — The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. Las funciones bio_... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2017-15115
https://notcve.org/view.php?id=CVE-2017-15115
15 Nov 2017 — The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. La función sctp_do_peeloff en net/sctp/socket.c en el kernel de Linux en versiones anteriores a la 4.14 no comprueba si el netns planeado se emplea en una acción peel-off, lo que permite que usuarios lo... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 • CWE-416: Use After Free •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15102
https://notcve.org/view.php?id=CVE-2017-15102
15 Nov 2017 — The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. La función tower_probe en drivers/usb/misc/legousbtower.c en el kernel de Linux en versiones anteriores a la 4.8.1 permite que usuarios locales (que estén tan cerca físicamente como para insertar un dispos... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2fae9e5a7babada041e2e161699ade2447a01989 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16644
https://notcve.org/view.php?id=CVE-2017-16644
07 Nov 2017 — The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. La función hdpvr_probe en drivers/media/usb/hdpvr/hdpvr-core.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (gestión incorrecta de errores y cierre inesperado del sistema) o... • http://www.securityfocus.com/bid/101842 • CWE-388: 7PK - Errors •