CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0077 – kernel: vhost-net: insufficiency in handling of big packets in handle_rx()
https://notcve.org/view.php?id=CVE-2014-0077
14 Apr 2014 — drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. drivers/vhost/net.c en el kernel de Linux anterior a 3.13.10, cuando buffers combinables están deshabilitados, no valida debidamente los longitudes de paquetes, lo q... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-0155
https://notcve.org/view.php?id=CVE-2014-0155
14 Apr 2014 — The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. La función ioapic_deliver en virt/kvm/ioapic.c en el kernel de Linux hasta 3.14.1 no valida debidamente el valor de vue... • http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 322EXPL: 0CVE-2013-7348
https://notcve.org/view.php?id=CVE-2013-7348
01 Apr 2014 — Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function. Vulnerabilidad de doble liberación en la función ioctx_alloc en fs/aio.c en el kernel de Linux anterior a 3.12.4 permite a usuarios locales causar una denegación de servicio (caída de sistema) o posiblemente otro impacto no especifica... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d558023207e008a4476a3b7bb8706b2a2bf5d84f • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 2%CPEs: 5EXPL: 0CVE-2014-2672 – kernel: ath9k: tid->sched race in ath_tx_aggr_sleep()
https://notcve.org/view.php?id=CVE-2014-2672
01 Apr 2014 — Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions. Condición de carrera en la función ath_tx_aggr_sleep en drivers/net/wireless/ath/ath9k/xmit.c en el kernel de Linux anterior a 3.13.7 permite a atacantes remotos causar una denegación de servicio (caída de sistema) a través de una cantidad gran... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=21f8aaee0c62708654988ce092838aa7df4d25d8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2673 – kernel: powerpc: tm: crash when forking inside a transaction
https://notcve.org/view.php?id=CVE-2014-2673
01 Apr 2014 — The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state. La función arch_dup_task_struct en la implementación Transactional Memory (TM) en arch/powerpc/ke... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=621b5060e823301d0cba4cb52a7ee3491922d291 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-2678 – kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
https://notcve.org/view.php?id=CVE-2014-2678
01 Apr 2014 — The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_iw_laddr_check en net/rds/iw.c en el kernel de Linux hasta 3.14 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída de sistema) o posiblemente tener otro impa... • http://linux.oracle.com/errata/ELSA-2014-0926-1.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0131
https://notcve.org/view.php?id=CVE-2014-0131
24 Mar 2014 — Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. Vulnerabilidad de uso después de liberación en la función skb_segment en net/core/skbuff.c en el kernel de Linux hasta 3.13.6 permite a atacantes obtener información sensible de la memoria del kernel mediante el aprovechamiento de la ausencia de cierta operación huérfana... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fd819ecb90cc9b822cd84d3056ddba315d3340f • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-7339 – kernel: net: rds: dereference of a NULL device in rds_ib_laddr_check()
https://notcve.org/view.php?id=CVE-2013-7339
24 Mar 2014 — The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_ib_laddr_check en net/rds/ib.c en el kernel de Linux anterior a 3.12.8 permite a usuarios locales causar una denegación de servicio (referencia de puntero nulo y caída de sistema) o posiblemente tener ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2349758acf1874e4c2b93fe41d072336f1a31d0 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 9%CPEs: 6EXPL: 0CVE-2014-2523 – kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
https://notcve.org/view.php?id=CVE-2014-2523
24 Mar 2014 — net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. net/netfilter/nf_conntrack_proto_dccp.c en el kernel de Linux hasta 3.13.6 utiliza un puntero de cabecera DCCP incorrectamente, lo que permite a atacantes remotos causar una denegació... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2014-2568 – kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied
https://notcve.org/view.php?id=CVE-2014-2568
24 Mar 2014 — Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced. Vulnerabilidad de uso después de liberación en la función nfqnl_zcopy en net/netfilter/nfnetlink_queue_core.c en el kernel de Li... • http://seclists.org/oss-sec/2014/q1/627 • CWE-416: Use After Free •