Page 355 of 2847 results (0.019 seconds)

CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-7995

https://notcve.org/view.php?id=CVE-2018-7995

Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant ** EN DISPUTA ** Condición de carrera en la función store_int_with_restart() en arch/x86/kernel/cpu/mcheck/mce.c en el kernel de Linux hasta la versión 4.15.7 permite que los usuarios locales provoquen una denegación de servicio (pánico) aprovechándose del acceso root de escritura en el archivo check_interval en un directorio /sys/devices/system/machinecheck/machinecheck<número de cpu> NOTA: un tercero ha indicado que este informe no es relevante para la seguridad: • http://www.securityfocus.com/bid/103356 https://bugzilla.suse.com/show_bug.cgi?id=1084755 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://lkml.org/lkml/2018/3/2/970 https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https://usn.ubuntu.com/3656-1 https://www.debian.org/security/2018/dsa-4187 https://www.debian • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-7757 – kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c

https://notcve.org/view.php?id=CVE-2018-7757

Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. Filtrado de memoria en la función sas_smp_get_phy_events en drivers/scsi/libsas/sas_expander.c en el kernel de Linux, hasta la versión 4.15.7, permite que usuarios locales provoquen una denegación de servicio (consumo de memoria) mediante numerosos accesos de lectura a archivos en el directorio /sys/class/sas_phy, tal y como demuestra el archivo /sys/class/sas_phy/phy-1:0:12/invalid_dword_count. Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 http://www.securityfocus.com/bid/103348 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3654-1 https://usn.ubuntu. • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18222

https://notcve.org/view.php?id=CVE-2017-18222

In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings. En el kernel de Linux en versiones anteriores a la 4.12, Hisilicon Network Subsystem (HNS) no considera el caso ETH_SS_PRIV_FLAGS a la hora de recuperar los datos de sset_count, lo que permite que los usuarios locales provoquen una denegación de servicio (desbordamiento de búfer y corrupción de memoria) o, posiblemente, otro impacto no especificado, tal y como ha quedado demostrado por la incompatibilidad entre hns_get_sset_count y ethtool_get_strings. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c http://www.securityfocus.com/bid/103349 https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https://usn.ubuntu.com/3656-1 https://www.debian.org/security/2018/dsa-4188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 1

CVE-2018-7755 – kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c

https://notcve.org/view.php?id=CVE-2018-7755

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. Se descubrió un fallo de seguridad en la función fd_locked_ioct en drivers/block/floppy.c en el kernel de Linux hasta la versión 4.15.7. La unidad de disquete copiará un puntero kernel a la memoria del usuario en respuesta a la llamada IOCTL FDGETPRM. • https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://lkml.org/lkml/2018/3/7/1116 https://usn.ubuntu.com/3695-1 https://usn.ubuntu.com/3695-2 https://usn.ubuntu.com/3696-1 https://usn.ubuntu.com/3696-2 https://usn.ubuntu.com/3697-1 https://usn.ubuntu.com/3697-2 https://usn.ubuntu.com/3698-1 https://usn.ubuntu.com/369 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18221

https://notcve.org/view.php?id=CVE-2017-18221

The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls. La función __munlock_pagevec en mm/mlock.c en el kernel de Linux, en versiones anteriores a la 4.11.4, permite que usuarios locales provoquen una denegación de servicio (corrupción de contabilidad NR_MLOCK) mediante el uso manipulado de llamadas del sistema mlockall y munlockall. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc http://www.securityfocus.com/bid/103321 https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc https://usn.ubuntu.com/3655-1 https://usn.ubuntu.com/3655-2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4 • CWE-20: Improper Input Validation •