CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6412
https://notcve.org/view.php?id=CVE-2018-6412
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. En la función sbusfb_ioctl_helper() en drivers/video/fbdev/sbuslib.c en el kernel de Linux hasta la versión 4.15, un error en la propiedad signedness de un número entero permite la fuga de información arbitraria para los comandos FBIOPUTCMAP_SPARC y FBIOGETCMAP_SPARC. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde https://github.com/torvalds/linux/commit/250c6c49e3b68756b14983c076183568636e2bde https://marc.info/?l=linux-fbdev&m=151734425901499&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-18079
https://notcve.org/view.php?id=CVE-2017-18079
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. drivers/input/serio/i8042.c en el kernel de Linux en versiones anteriores a la 4.12.4 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que, posiblemente, tengan otro tipo de impacto sin especificar debido a que el valor port->exists puede cambiar tras ser validado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226 http://www.securityfocus.com/bid/102895 https://github.com/torvalds/linux/commit/340d394a789518018f834ff70f7534fc463d3226 https://usn.ubuntu.com/3655-1 https://usn.ubuntu.com/3655-2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5750 – kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
https://notcve.org/view.php?id=CVE-2018-5750
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. La función acpi_smbus_hc_add en drivers/acpi/sbshc.c en el kernel de Linux hastas la versión 4.14.15 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg de una llamada SBS HC printk. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. • http://www.securitytracker.com/id/1040319 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:2948 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://patchwork.kernel.org/patch/10174835 https://usn.ubuntu.com/3631-1 https://usn.ubuntu.com/3631-2 https://usn.ubuntu.com/3697-1 https://usn.ubuntu.com/3697-2 https://usn.ubuntu.com/3698-1 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2018-1000004 – kernel: Race condition in sound system can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-1000004
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. En el kernel de Linux en versiones 4.12, 3.10, 2.6 y, probablemente, versiones anteriores, existe una vulnerabilidad en el sistema de sonido, lo que puede conducir a un deadlock y a una condición de denegación de servicio (DoS). In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://seclists.org/oss-sec/2018/q1/51 http://www.securityfocus.com/bid/104606 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2019:1483 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://lists.debian.org/debian-lts-announce/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15127 – kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2017-15127
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). Se encontró un error en la función hugetlb_mcopy_atomic_pte en mm/hugetlb.c en el kernel de Linux en versiones anteriores a la 4.13. Un desbloqueo superfluo implícito de página para la representación hugetlbfs de VM_SHARED podría desembocar una denegación de servicio local (error). A flaw was found in the Linux kernel when freeing pages in hugetlbfs. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995 http://www.securityfocus.com/bid/102517 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/security/cve/CVE-2017-15127 https://bugzilla.redhat.com/show_bug.cgi?id=1525218 https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995 • CWE-460: Improper Cleanup on Thrown Exception •