Page 378 of 3311 results (0.038 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9685 – kernel: Memory leaks in xfs_attr_list.c error paths

https://notcve.org/view.php?id=CVE-2016-9685

Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. Múltiples fugas de memoria en rutas de error en fs/xfs/xfs_attr_list.c en el kernel de Linux en versiones anteriores a 4.5.1 permiten a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de operaciones de archivo de sistema XFS manipuladas. A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of service situation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e83b79b2d6c78bf1b4aa227938a214dcbddc83f http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1 http://www.openwall.com/lists/oss-security/2016/11/30/1 http://www.securityfocus.com/bid/94593 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.redhat.com/show_bug.cgi?id=1396941 https: • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9756

https://notcve.org/view.php?id=CVE-2016-9756

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. arch/x86/kvm/emulate.c en el kernel de Linux en versiones anteriores a 4.8.12 no inicializa adecuadamente Code Segment (CS) en ciertos casos de error, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través de una aplicación manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12 http://www.openwall.com/lists/oss-security/2016/12/01/1 http://www.securityfocus.com/bid/94615 https://bugzilla.redhat.com/show_bug.cgi?id=1400468 https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-6704

https://notcve.org/view.php?id=CVE-2012-6704

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. La función sock_setsockopt en net/core/sock.c en el kernel de Linux en versiones anteriores a 3.5 no maneja adecuadamente valores negativos de sk_sndbuf y sk_rcvbuf, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente tener otro impacto no especificado aprovechando la capacidad CAP_NET_ADMIN para una llamada al sistema setsockopt manipulada con la opción (1) SO_SNDBUF o (2) SO_RCVBUF. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b http://www.openwall.com/lists/oss-security/2016/12/03/1 http://www.securityfocus.com/bid/95135 https://bugzilla.redhat.com/show_bug.cgi?id=1402024 https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-6787

https://notcve.org/view.php?id=CVE-2016-6787

kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. kernel/events/core.c en el subsistema de rendimiento en el kernel de Linux en versiones anteriores a 4.0 no gestiona adecuadamente bloqueos durante ciertas migraciones, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como error interno 31095224. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b http://source.android.com/security/bulletin/2016-12-01.html http://www.debian.org/security/2017/dsa-3791 http://www.securityfocus.com/bid/94679 https://bugzilla.redhat.com/show_bug.cgi?id=1403842 https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-6786

https://notcve.org/view.php?id=CVE-2016-6786

kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. kernel/events/core.c en el subsistema de rendimiento en el kernel de Linux en versiones anteriores a 4.0 no gestiona adecuadamente bloqueos durante ciertas migraciones, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como error interno 30955111. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b http://source.android.com/security/bulletin/2016-12-01.html http://www.debian.org/security/2017/dsa-3791 http://www.securityfocus.com/bid/94679 https://bugzilla.redhat.com/show_bug.cgi?id=1403842 https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b • CWE-264: Permissions, Privileges, and Access Controls •