Page 380 of 3311 results (0.015 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9191

https://notcve.org/view.php?id=CVE-2016-9191

The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. La implementación offline cgroup en el kernel Linux hasta la versión 4.8.11 maneja incorrectamente ciertas operaciones drain, lo que permite a usuarios locales provocar una denegación de servicio (colgado de sistema) aprovechando el acceso al contenedor de ambiente para ejecutar una aplicación manipulada, como es demostrado por trinity. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939 http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2016/11/05/4 http://www.securityfocus.com/bid/94129 https://bugzilla.redhat.com/show_bug.cgi?id=1392439 https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-8645 – kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c

https://notcve.org/view.php?id=CVE-2016-8645

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. La pila TCP en el kernel Linux en versiones anteriores a 4.8.10 maneja incorrectamente el truncamiento skb, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) a través de una aplicación manipulada que hace llamadas de sistema sendto, relacionado con net/ipv4/tcp_ipv4.c y net/ipv6/tcp_ipv6.c. It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10 http://www.openwall.com/lists/oss-security/2016/11/11/3 http://www.openwall.com/lists/oss-security/2016/11/30/3 http://www.securityfocus.com/bid/94264 http://www.securitytracker.com/id/1037285 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https: • CWE-284: Improper Access Control CWE-617: Reachable Assertion •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9084 – kernel: Integer overflow when using kzalloc in vfio driver

https://notcve.org/view.php?id=CVE-2016-9084

drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. drivers/vfio/pci/vfio_pci_intrs.c en el kernel Linux hasta la versión 4.8.11 usa de forma incorrecta la función kzalloc, lo que permite a usuarios locales provocar una denegación de servicio (desbordamiento de entero) o tener otro posible impacto no especificado aprovechando el acceso al archivo de dispositivo vfio PCI. The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a http://rhn.redhat.com/errata/RHSA-2017-0386.html http://rhn.redhat.com/errata/RHSA-2017-0387.html http://www.openwall.com/lists/oss-security/2016/10/26/11 http://www.securityfocus.com/bid/93930 https://bugzilla.redhat.com/show_bug.cgi?id=1389259 https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a https://patchwork.kernel.org/patch/9373631 https:/&#x • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-8646 – kernel: Oops in shash_async_export()

https://notcve.org/view.php?id=CVE-2016-8646

The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. La función hash_accept en crypto/algif_hash.c en el kernel Linux en versiones anteriores a 4.3.6 permite a usuarios locales provocar una denegación de servicio (OOPS) intentando desencadenar el uso de algoritmos hash in-kernel para un enchufe que ha recibido cero bytes de datos. A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.6 http://www.openwall.com/lists/oss-security/2016/11/15/2 http://www.securityfocus.com/bid/94309 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://bugzilla.redhat.com/show_bug.cgi?id=1388821 https: • CWE-476: NULL Pointer Dereference •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-8630 – kernel: kvm: x86: NULL pointer dereference during instruction decode

https://notcve.org/view.php?id=CVE-2016-8630

The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. La función x86_decode_insn en arch/x86/kvm/emulate.c en el kernel Linux en versiones anteriores a 4.8.7, cuando KVM está habilitado, permite a usuarios locales provocar una denegación de servicio (caída de SO anfitrión ) a través de cierto uso del byte ModR/M en una instrucción no definida. Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e http://rhn.redhat.com/errata/RHSA-2017-0386.html http://rhn.redhat.com/errata/RHSA-2017-0387.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7 http://www.openwall.com/lists/oss-security/2016/11/22/3 http://www.securityfocus.com/bid/94459 https://bugzilla.redhat.com/show_bug.cgi?id=1393350 https://github.com/torvalds/linux/commit/d9092f52d7e61dd15 • CWE-284: Improper Access Control CWE-476: NULL Pointer Dereference •