CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17864
https://notcve.org/view.php?id=CVE-2017-17864
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." kernel/bpf/verifier.c en el kernel de Linux hasta la versión 4.14.8 gestiona de manera incorrecta las comparaciones states_equal entre el tipo de datos del puntero y el tipo de datos UNKNOWN_VALUE, lo que permite que usuarios locales obtengan información de direcciones sensible. Esto también se conoce como "pointer leak". • http://www.securityfocus.com/bid/102320 http://www.securitytracker.com/id/1040059 https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=stretch-security&id=ad775f6ff7eebb93eedc2f592bc974260e7757b0 https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch?h=stretch-security https://usn.ubuntu.com/usn/usn-3523-2 https://www.debian.org/security/2017/dsa-4073 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2017-17558 – kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow
https://notcve.org/view.php?id=CVE-2017-17558
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. La función usb_destroy_configuration en drivers/usb/core/config.c en el subsistema del núcleo USB en el kernel de Linux hasta la versión 4.14.5 no considera el máximo número de configuraciones e interfaces antes de intentar liberar recursos. Esto permite que usuarios locales provoquen una denegación de servicio (acceso de escritura fuera de límites) o, posiblemente, tengan otro tipo de impacto sin especificar mediante un dispositivo USB manipulado. The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://openwall.com/lists/oss-security/2017/12/12/7 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17449 – kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
https://notcve.org/view.php?id=CVE-2017-17449
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. La función __netlink_deliver_tap_skb en net/netlink/af_netlink.c en el kernel de Linux hasta la versión 4.14.4, cuando CONFIG_NLMON está habilitado, no restringe las observaciones de mensajes Netlink a un espacio de nombres de red único, lo que permite que usuarios locales obtengan información sensible utilizando la capacidad CAP_NET_ADMIN para rastrear una interfaz nlmon para toda la actividad Netlink en el sistema. The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. • http://www.securityfocus.com/bid/102122 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://lkml.org/lkml/2017/12/5/950 https://source.android.com/security/bulletin/pixel/2018-04-01 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubunt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15116 – kernel: Null pointer dereference in rngapi_reset function
https://notcve.org/view.php?id=CVE-2017-15116
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). La función rngapi_reset en crypto/rng.c en el kernel de Linux en versiones anteriores a la 4.2 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL). A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://bugzilla.redhat.com/show_bug.cgi?id=1485815 https://bugzilla.redhat.com/show_bug.cgi?id=1514609 https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/security/cve/CVE-2017-15116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12193 – kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation
https://notcve.org/view.php?id=CVE-2017-12193
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versiones anteriores a la 4.13.11 gestiona de manera incorrecta la división de nodos, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y pánico) mediante una aplicación manipulada, tal y como demuestra el tipo de clave de conjunto de claves, así como las operaciones de suma de claves y creación de enlaces. A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101678 https://access.redhat.com/errata/RHSA-2018:0151 https://bugzilla.redhat.com/show_bug.cgi?id=1501215 https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b https://usn.ubuntu.com/3698-1 https://usn.ubuntu.com/3698-2 https://access.redhat.com/secu • CWE-476: NULL Pointer Dereference •