Page 354 of 2588 results (0.021 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-6554

https://notcve.org/view.php?id=CVE-2018-6554

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. Fuga de memoria en la función irda_bind en net/irda/af_irda.c y siguientes en drivers/staging/irda/net/af_irda.c en el kernel de Linux en versiones anteriores a la 4.17 permite que usuarios locales provoquen una denegación de servicio (consumo de memoria) enlazando repetidamente un socket AF_IRDA. • http://www.securityfocus.com/bid/105302 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 https://usn.ubuntu.com/3777-2 https://usn.ubuntu.com/3777-3 https://www.debian.org/security/2018/dsa-4308 https://www • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2018-16276

https://notcve.org/view.php?id=CVE-2018-16276

An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. Se descubrió un problema en yurex_read en drivers/usb/misc/yurex.c en el kernel de Linux hasta la versión 4.17.7. Los atacantes locales pueden emplear lecturas/escrituras de acceso de usuario con una comprobación incorrecta de límites en el controlador USB yurex para provocar el cierre inesperado del kernel o escalar privilegios. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 https://bugzilla.suse.com/show_bug.cgi?id=1106095 https://bugzilla.suse.com/show_bug.cgi?id=1115593 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7 https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https • CWE-787: Out-of-bounds Write •

CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0

CVE-2018-15594 – kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests

https://notcve.org/view.php?id=CVE-2018-15594

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. arch/x86/kernel/paravirt.c en el kernel de Linux en versiones anteriores a la 4.18.1 maneja incorrectamente algunas llamadas indirectas, lo que hace que sea más fácil para los atacantes realizar ataques Spectre-v2 contra guests paravirtuales. It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5800dc5c19f34e6e03b5adab1282535cb102fafd http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://www.securityfocus.com/bid/105120 http://www.securitytracker.com/id/1041601 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1 https://github.com/torvalds/linux/commit/5800dc5c19f34e6e03b5adab12825 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2018-15572

https://notcve.org/view.php?id=CVE-2018-15572

The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. La función spectre_v2_select_mitigation en arch/x86/kernel/cpu/bugs.c en el kernel de Linux en versiones anteriores a la 4.18.1 no siempre completa RSB en un cambio de contexto, lo que hace que sea más fácil para los atacantes realizar ataques spectreRSB espacio de usuario-espacio de usuario. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1 https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3775-1 https://usn.ubuntu.com/3775-2 https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3777-1 http •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-7754

https://notcve.org/view.php?id=CVE-2018-7754

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. La función aoedisk_debugfs_show en drivers/block/aoe/aoeblk.c en el kernel de Linux hasta la versión 4.16.4rc4 permite que usuarios locales obtengan información sensible de direcciones mediante la lectura de líneas "ffree: " en un archivo debugfs. • https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421 https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md • CWE-532: Insertion of Sensitive Information into Log File •