CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15649 – Linux Kernel - 'AF_PACKET' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-15649
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a una gestión incorrecta de las estructuras de datos packet_fanout. Esto se debe a una condición de carrera (que afecta a fanout_add y packet_do_bind) que da lugar a un uso de memoria previamente liberada. Esta vulnerabilidad es diferente de CVE-2017-6346. It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. • https://www.exploit-db.com/exploits/44053 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e http://patchwork.ozlabs.org/patch/813945 http://patchwork.ozlabs.org/patch/818726 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6 http://www.securityfocus.com/bid/101573 https://access.redhat.com/errata/RHSA- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15537
https://notcve.org/view.php?id=CVE-2017-15537
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. El subsistema x86/fpu (Floating Point Unit) en el kernel de Linux en versiones anteriores a la 4.13.5, cuando un procesador soporta la característica xsave pero no la xsaves, no gestiona correctamente los intentos de establecer bits reservados en la cabecera xstate mediante las llamadas de sistema ptrace() o rt_sigreturn(), lo que permite que usuarios locales lean los registros FPU de otros procesos en el sistema, relacionado con arch/x86/kernel/fpu/regset.c y arch/x86/kernel/fpu/signal.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5 https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e https://source.android.com/security/bulletin/pixel/2018-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15265 – kernel: Use-after-free in snd_seq_ioctl_create_port()
https://notcve.org/view.php?id=CVE-2017-15265
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. Condición de carrera en el subsistema ALSA en el kernel de Linux en versiones anteriores a la 4.13.8 permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o posiblemente otro impacto mediante llamadas ioctl /dev/snd/seq ioctl manipuladas. Esto está relacionado con sound/core/seq/seq_clientmgr.c y sound/core/seq/seq_ports.c. A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026 http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 http://www.openwall.com/lists/oss-security/2017/10/11/3 http://www.securityfocus.com/bid/101288 http://www.securitytracker.com/id/1039561 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-201 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15299 – kernel: Incorrect updates of uninstantiated keys crash the kernel
https://notcve.org/view.php?id=CVE-2017-15299
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. El subsistema de claves KEYS en el kernel Linux hasta la versión 4.13.7 gestiona de manera incorrecta el uso de add_key para una clave que ya existe, pero no se ha probado, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que tengan un impacto sin especificar mediante una llamada del sistema manipulada. A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS). • https://access.redhat.com/errata/RHSA-2018:0654 https://bugzilla.redhat.com/show_bug.cgi?id=1498016 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://marc.info/?t=150654188100001&r=1&w=2 https://marc.info/?t=150783958600011&r=1&w=2 https://usn.ubuntu.com/3798-1 https://usn.ubuntu.com/3798-2 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1499828.html https://access.redhat.com/security/cve/CVE-2017-15299 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15274 – kernel: dereferencing NULL payload with nonzero length
https://notcve.org/view.php?id=CVE-2017-15274
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. security/keys/keyctl.c en el kernel de Linux en versiones anteriores a la 4.11.5 no tiene en cuenta el caso de una carga útil NULL junto con un valor de longitud que no sea cero, lo que permite a usuarios locales provocar una denegación de servicio (desreferencia de puntero NULL and OOPS) mediante una llamada de sistema add_key o keyctl manipulada. Esta es una vulnerabilidad diferente a CVE-2017-12192. A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5 http://www.securityfocus.com/bid/101292 https://access.redhat.com/errata/RHSA-2019:1946 https://bugzilla.suse.com/show_bug.cgi?id=1045327 https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5 https://patchwork.kernel.org/patch/9781573 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com&# • CWE-476: NULL Pointer Dereference •