Page 354 of 3311 results (0.013 seconds)

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-15265 – kernel: Use-after-free in snd_seq_ioctl_create_port()

https://notcve.org/view.php?id=CVE-2017-15265

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. Condición de carrera en el subsistema ALSA en el kernel de Linux en versiones anteriores a la 4.13.8 permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o posiblemente otro impacto mediante llamadas ioctl /dev/snd/seq ioctl manipuladas. Esto está relacionado con sound/core/seq/seq_clientmgr.c y sound/core/seq/seq_ports.c. A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026 http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 http://www.openwall.com/lists/oss-security/2017/10/11/3 http://www.securityfocus.com/bid/101288 http://www.securitytracker.com/id/1039561 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-201 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-15299 – kernel: Incorrect updates of uninstantiated keys crash the kernel

https://notcve.org/view.php?id=CVE-2017-15299

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. El subsistema de claves KEYS en el kernel Linux hasta la versión 4.13.7 gestiona de manera incorrecta el uso de add_key para una clave que ya existe, pero no se ha probado, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que tengan un impacto sin especificar mediante una llamada del sistema manipulada. A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS). • https://access.redhat.com/errata/RHSA-2018:0654 https://bugzilla.redhat.com/show_bug.cgi?id=1498016 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://marc.info/?t=150654188100001&r=1&w=2 https://marc.info/?t=150783958600011&r=1&w=2 https://usn.ubuntu.com/3798-1 https://usn.ubuntu.com/3798-2 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1499828.html https://access.redhat.com/security/cve/CVE-2017-15299 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-15274 – kernel: dereferencing NULL payload with nonzero length

https://notcve.org/view.php?id=CVE-2017-15274

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. security/keys/keyctl.c en el kernel de Linux en versiones anteriores a la 4.11.5 no tiene en cuenta el caso de una carga útil NULL junto con un valor de longitud que no sea cero, lo que permite a usuarios locales provocar una denegación de servicio (desreferencia de puntero NULL and OOPS) mediante una llamada de sistema add_key o keyctl manipulada. Esta es una vulnerabilidad diferente a CVE-2017-12192. A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5 http://www.securityfocus.com/bid/101292 https://access.redhat.com/errata/RHSA-2019:1946 https://bugzilla.suse.com/show_bug.cgi?id=1045327 https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5 https://patchwork.kernel.org/patch/9781573 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com&# • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12192 – kernel: NULL pointer dereference due to KEYCTL_READ on negative key

https://notcve.org/view.php?id=CVE-2017-12192

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. La función keyctl_read_key en security/keys/keyctl.c en el subcomponente Key Management en el kernel de Linux en versiones anteriores a la 4.13.5 no considera correctamente que se puede tener una clave instanciada negativamente, lo que permite que los usuarios locales provoquen una denegación de servicio (OOPS y cierre inesperado del sistema) mediante una operación KEYCTL_READ manipulada. A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5 https://access.redhat.com/errata/RHSA-2018:0151 https://bugzilla.redhat.com/show_bug.cgi?id=1493435 https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678 https://lkml.org/lkml/2017/9/18/764 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://access.redhat.com • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-14991

https://notcve.org/view.php?id=CVE-2017-14991

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. La función sg_ioctl en drivers/scsi/sg.c en el kernel de Linux en versiones anteriores a la 4.13.4 permite que los usuarios locales obtengan información sensible de zonas de la memoria dinámica del kernek no inicializadas mediante una llamada IOCTL SG_GET_REQUEST_TABLE a /dev/sg0. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4 http://www.securityfocus.com/bid/101187 https://github.com/torvalds/linux/commit/3e0097499839e0fe3af380410eababe5a47c4cf9 https://usn.ubuntu.com/3754-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •