Page 375 of 2992 results (0.019 seconds)

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17807 – kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission

https://notcve.org/view.php?id=CVE-2017-17807

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.14.6 omitía una comprobación de control de acceso cuando se agregaba una clave al "llavero de acceso por defecto" de la tarea actual mediante la llamada al sistema request_key(), permitiendo a un usuario local utilizar una secuencia de llamadas de sistema manipuladas para añadir claves a un llavero solo con permiso de búsqueda (no de escritura) a ese llavero. Esto está relacionado con construct_get_dest_keyring() en security/keys/request_key.c. The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b http://www.securityfocus.com/bid/102301 https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3620 • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-17741

https://notcve.org/view.php?id=CVE-2017-17741

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. La implementación KVM en el kernel de Linux hasta la versión 4.14.7 permite que atacantes remotos obtengan información potencialmente sensible de la memoria del kernel. Esto también se conoce como una lectura fuera de límites basada en pila write_mmio y está relacionado con arch/x86/kvm/x86.c e include/trace/events/kvm.h. • http://www.securityfocus.com/bid/102227 https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3620-1 https://usn.ubuntu.com/3620-2 https://usn.ubuntu.com/3632-1 https://www.debian.org/security/2017/dsa-4073 https://www.debian.org/security/2018/dsa-4082&# • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2018-5333 – Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation

https://notcve.org/view.php?id=CVE-2018-5333

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. En el kernel de Linux hasta la versión 4.14.13, la función rds_cmsg_atomic en net/rds/rdma.c gestiona de manera incorrecta los casos en los que fracasa la asignación de páginas o cuando se proporciona una dirección no válida, lo que conduce a una desreferencia de puntero NULL en rds_atomic_free_op. In the Linux kernel through 4.14.13, the rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic. • https://www.exploit-db.com/exploits/47957 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737 http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html http://www.securityfocus.com/bid/102510 https://access.redhat.com/errata/RHSA-2018:0470 https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https:&# • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2018-5344 – kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

https://notcve.org/view.php?id=CVE-2018-5344

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. En el kernel de Linux hasta la versión 4.14.13, drivers/block/loop.c gestiona de manera incorrecta la serialización de lo_release, lo que permite que atacantes provoquen una denegación de servicio (uso de memoria previamente liberada de __lock_acquire) o, posiblemente, otro impacto sin especificar. A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 http://www.securityfocus.com/bid/102503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https://usn.ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-2647 – kernel: Null pointer dereference in search_keyring

https://notcve.org/view.php?id=CVE-2017-2647

The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a 3.18 permite a los usuarios locales obtener privilegios o provocar una denegación de servicio (referencia a puntero NULL y bloqueo del sistema) a través de vectores que implican un valor NULL para un cierto campo de coincidencia, relacionado con la función keyring_search_iterator en keyring.c. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 http://www.securityfocus.com/bid/97258 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2437 https://access.redhat.com/errata/RHSA-2017:2444 https://bugzilla.redhat.com/show_bug.cgi?id=1428353 https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 https://usn.ubuntu. • CWE-476: NULL Pointer Dereference •