Page 367 of 2847 results (0.015 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12154 – Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register

https://notcve.org/view.php?id=CVE-2017-12154

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. La función prepare_vmcs02 en arch/x86/kvm/vmx.c en el kernel de Linux hasta la versión 4.13.3 no asegura que los controles L0 vmcs02 "CR8-load exiting" y "CR8-store exiting" existan en casos en los que L1 omite el control vmcs12 "use TPR shadow". Esto permite que los usuarios invitados del sistema operativo obtengan acceso de lectura y escritura al registro CR8 del hardware. Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100856 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1946 https://bugzilla.redhat.com/show_bug.cgi?id=1491224 https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f https://usn.ubuntu.c • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 6%CPEs: 37EXPL: 3

CVE-2017-1000253 – Linux Kernel PIE Stack Buffer Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary. Existe una vulnerabilidad en las distribuciones de Linux que no han parcheado sus kernels de largo mantenimiento con https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (confirmada el 14 de abril de 2015). • https://www.exploit-db.com/exploits/42887 https://github.com/RicterZ/PIE-Stack-Clash-CVE-2017-1000253 https://github.com/sxlmnwb/CVE-2017-1000253 http://www.securityfocus.com/bid/101010 http://www.securitytracker.com/id/1039434 https://access.redhat.com/errata/RHSA-2017:2793 https://access.redhat.com/errata/RHSA-2017:2794 https://access.redhat.com/errata/RHSA-2017:2795 https://access.redhat.com/errata/RHSA-2017:2796 https://access.redhat.com/errata/RHSA-2017:2797 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2017-12153

https://notcve.org/view.php?id=CVE-2017-12153

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. Se descubrió un fallo de seguridad en la función nl80211_set_rekey_data() en net/wireless/nl80211.c en el kernel de Linux hasta la versión 4.13.3. La función no comprueba si los atributos requeridos están presentes en una petición Netlink. • http://seclists.org/oss-sec/2017/q3/437 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100855 https://bugzilla.novell.com/show_bug.cgi?id=1058410 https://bugzilla.redhat.com/show_bug.cgi?id=1491046 https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888 https://marc.info/?t=150525503100001&r=1&w=2 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-476: NULL Pointer Dereference •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12168

https://notcve.org/view.php?id=CVE-2017-12168

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). La función access_pmu_evcntr en arch/arm64/kvm/sys_regs.c en el kernel Linux en versiones anteriores a la 4.8.11 permite que los usuarios KVM invitados del sistema operativo provoquen una denegación de servicio (fallo de aserción y cierre inesperado del sistema operativo del host) accediendo a Performance Monitors Cycle Count Register (PMCCNTR). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11 https://bugzilla.redhat.com/show_bug.cgi?id=1492984 https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9 • CWE-617: Reachable Assertion •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-14340 – kernel: xfs: unprivileged user kernel oops

https://notcve.org/view.php?id=CVE-2017-14340

The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. La macro XFS_IS_REALTIME_INODE en fs/xfs/xfs_linux.h en el kernel de Linux en versiones anteriores a la 4.13.2 no verifica que un sistema de archivos tenga un dispositivo realtime, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y OOPS) mediante vectores relacionados con la configuración de una marca RHINHERIT en un directorio. A flaw was found where the XFS filesystem code mishandles a user-settable inode flag in the Linux kernel prior to 4.14-rc1. This can cause a local denial of service via a kernel panic. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc http://seclists.org/oss-sec/2017/q3/436 http://www.debian.org/security/2017/dsa-3981 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2 http://www.securityfocus.com/bid/100851 https://access.redhat.com/errata/RHSA-2017:2918 https://bugzilla.redhat.com/show_bug.cgi?id=1491344 https://github.com/torvalds/linux/commit/b31ff3cdf540110da4572e3e29bd172087af65cc https:&# • CWE-391: Unchecked Error Condition CWE-476: NULL Pointer Dereference •