Page 370 of 3161 results (0.019 seconds)

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. La función tower_probe en drivers/usb/misc/legousbtower.c en el kernel de Linux en versiones anteriores a la 4.8.1 permite que usuarios locales (que estén tan cerca físicamente como para insertar un dispositivo USB manipulado) obtengan privilegios aprovechando una condición de write-what-where que ocurre tras una condición de carrera y una desreferencia de puntero NULL • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2fae9e5a7babada041e2e161699ade2447a01989 http://seclists.org/oss-sec/2017/q4/238 http://www.securityfocus.com/bid/101790 https://bugzilla.redhat.com/show_bug.cgi?id=1505905 https://github.com/torvalds/linux/commit/2fae9e5a7babada041e2e161699ade2447a01989 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-476: NULL Pointer Dereference •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. La función dvb_frontend_free en drivers/media/dvb-core/dvb_frontend.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. NOTA: la función fue posteriormente renombrada como __dvb_frontend_free. The dvb frontend management subsystem in the Linux kernel contains a use-after-free which can allow a malicious user to write to memory that may be assigned to another kernel structure. • http://www.securityfocus.com/bid/101758 https://access.redhat.com/errata/RHSA-2018:2948 https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ https://patchwork.kernel.org/patch/10046189 https://access.redhat.com/security/cve/CVE-2017-16648 https://bugzilla.redhat.com/show_bug.cgi?id=1516257 • CWE-416: Use After Free •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. La función hdpvr_probe en drivers/media/usb/hdpvr/hdpvr-core.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (gestión incorrecta de errores y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. • http://www.securityfocus.com/bid/101842 https://groups.google.com/d/msg/syzkaller/ngC5SLvxPm4/gduhCARhAwAJ https://patchwork.kernel.org/patch/9966135 https://usn.ubuntu.com/3754-1 https://www.debian.org/security/2017/dsa-4073 • CWE-388: 7PK - Errors •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. La función parse_hid_report_descriptor en drivers/input/tablet/gtco.c en el kernel de Linux, en versiones anteriores a la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. • http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101769 https://github.com/torvalds/linux/commit/a50829479f58416a013a4ccca791336af3c584c7 https://groups.google.com/d/msg/syzkaller/McWFcOsA47Y/3bjtBBgaBAAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1 • CWE-125: Out-of-bounds Read •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. La función kvm_vm_ioctl_check_extension en arch/powerpc/kvm/powerpc.c en el kernel de Linux, en versiones anteriores a la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) mediante una llamada ioctl KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM a /dev/kvm. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c18c01745bbd3c47a36b124e5fd8c0 http://openwall.com/lists/oss-security/2017/11/06/6 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101693 https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0 https://access.redhat.com/security/cve/CVE-2017-15306 https://bugzilla.redhat.com/show_bug.cgi?id=1510399 • CWE-476: NULL Pointer Dereference •