CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000364 – Solaris - RSH Stack Clash Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000364
19 Jun 2017 — An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). Se ha descubierto un problema en el tamaño de la página de stack guard en Linux; específicamente, una página 4k stack guard no es lo suficientemente grande y puede "saltarse" (se omite la página de stack guard). Esto afe... • https://www.exploit-db.com/exploits/45625 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2017-1000370 – Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000370
19 Jun 2017 — The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems. El parche offset2lib tal como es usado por el... • https://www.exploit-db.com/exploits/42274 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 3CVE-2017-1000371 – Linux Kernel - 'offset2lib' Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000371
19 Jun 2017 — The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.... • https://www.exploit-db.com/exploits/42273 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000380 – kernel: information leak due to a data race in ALSA timer
https://notcve.org/view.php?id=CVE-2017-1000380
17 Jun 2017 — sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. El archivo sound/core/timer.c en el kernel de Linux anterior a versión 4.11.5, es vulnerable a una carrera de datos en el controlador de /dev/snd/timer de ALSA, resultando en que los usuarios locales sean capace... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0651
https://notcve.org/view.php?id=CVE-2017-0651
14 Jun 2017 — An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. • http://www.securityfocus.com/bid/98875 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0650
https://notcve.org/view.php?id=CVE-2017-0650
14 Jun 2017 — An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278. • http://www.securitytracker.com/id/1038623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9605
https://notcve.org/view.php?id=CVE-2017-9605
13 Jun 2017 — The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitializ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07678eca2cf9c9a18584e546c2b2a0d0c9a3150c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2016-9604 – kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user
https://notcve.org/view.php?id=CVE-2016-9604
07 Jun 2017 — It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. Se ha descubierto en el kernel de Linux en versiones anteriores a la 4.11-rc8 que root puede obtener acceso directo a un keyring interno, como ".dns_resolver" en RHEL-7 o e... • http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html • CWE-347: Improper Verification of Cryptographic Signature CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9242 – kernel: Incorrect overwrite check in __ip6_append_data()
https://notcve.org/view.php?id=CVE-2017-9242
27 May 2017 — The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. La función __ip6_append_data en el archivo net/ipv6/ip6_output.c en el kernel de Linux hasta versión 4.11.3, es demasiado tardía para comprobar si se puede sobrescribir una estructura de datos skb, lo que permite a los usuarios locales causar un... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9211
https://notcve.org/view.php?id=CVE-2017-9211
23 May 2017 — The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. La función crypto_skcipher_init_tfm en el archivo crypto/skcipher.c en el kernel de Linux hasta versión 4.11.2, se basa en una función setkey que carece de una comprobación de tamaño de clave, que permite a los usuarios locales causar una denegación de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9933e113c2e87a9f46a40fde8dafbf801dca1ab9 • CWE-476: NULL Pointer Dereference •