Page 349 of 3100 results (0.038 seconds)

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. La función irda_setsockopt en net/irda/af_irda.c y siguientes en drivers/staging/irda/net/af_irda.c en el kernel de Linux en versiones anteriores a la 4.17 permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada en ias_object y cierre inesperado del sistema) o cualquier otro tipo de impacto sin especificar mediante un socket AF_IRDA. • http://www.securityfocus.com/bid/105304 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 https://usn.ubuntu.com/3777-2 https://usn.ubuntu.com/3777-3 https://www.debian.org/security/2018/dsa-4308 https://www.spinics.net/lists/stable/msg255031.html https://www.spinics.net/lists • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. Fuga de memoria en la función irda_bind en net/irda/af_irda.c y siguientes en drivers/staging/irda/net/af_irda.c en el kernel de Linux en versiones anteriores a la 4.17 permite que usuarios locales provoquen una denegación de servicio (consumo de memoria) enlazando repetidamente un socket AF_IRDA. • http://www.securityfocus.com/bid/105302 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 https://usn.ubuntu.com/3777-2 https://usn.ubuntu.com/3777-3 https://www.debian.org/security/2018/dsa-4308 https://www • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. arch/x86/kernel/paravirt.c en el kernel de Linux en versiones anteriores a la 4.18.1 maneja incorrectamente algunas llamadas indirectas, lo que hace que sea más fácil para los atacantes realizar ataques Spectre-v2 contra guests paravirtuales. It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5800dc5c19f34e6e03b5adab1282535cb102fafd http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://www.securityfocus.com/bid/105120 http://www.securitytracker.com/id/1041601 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1 https://github.com/torvalds/linux/commit/5800dc5c19f34e6e03b5adab12825 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. La función spectre_v2_select_mitigation en arch/x86/kernel/cpu/bugs.c en el kernel de Linux en versiones anteriores a la 4.18.1 no siempre completa RSB en un cambio de contexto, lo que hace que sea más fácil para los atacantes realizar ataques spectreRSB espacio de usuario-espacio de usuario. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1 https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 http •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. La función aoedisk_debugfs_show en drivers/block/aoe/aoeblk.c en el kernel de Linux hasta la versión 4.16.4rc4 permite que usuarios locales obtengan información sensible de direcciones mediante la lectura de líneas "ffree: " en un archivo debugfs. • https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421 https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md • CWE-532: Insertion of Sensitive Information into Log File •