CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2647 – kernel: Null pointer dereference in search_keyring
https://notcve.org/view.php?id=CVE-2017-2647
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a 3.18 permite a los usuarios locales obtener privilegios o provocar una denegación de servicio (referencia a puntero NULL y bloqueo del sistema) a través de vectores que implican un valor NULL para un cierto campo de coincidencia, relacionado con la función keyring_search_iterator en keyring.c. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 http://www.securityfocus.com/bid/97258 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2437 https://access.redhat.com/errata/RHSA-2017:2444 https://bugzilla.redhat.com/show_bug.cgi?id=1428353 https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 https://usn.ubuntu. • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7346
https://notcve.org/view.php?id=CVE-2017-7346
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_gb_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión4.10.7 no valida ciertos niveles de datos, lo que permite a usuarios locales provocar una denegación de servicio (colgar sistema) a través de una llamada al archivo ioctl manipulado para un dispositivo /dev/dri/renderD*. • http://marc.info/?l=linux-kernel&m=149086968410117&w=2 http://www.debian.org/security/2017/dsa-3927 http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/97257 https://bugzilla.redhat.com/show_bug.cgi?id=1437431 https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 4CVE-2017-7308 – Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7308
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. La función packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versión 4.10.6, no comprueba apropiadamente ciertos datos de tamaño de bloque, lo que permite a los usuarios locales causar una denegación de servicio (error de firma de enteros y escritura fuera de límites), y alcanzar privilegios (si se mantiene la capacidad CAP_NET_RAW), por medio de llamadas de sistema diseñadas. It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation. • https://www.exploit-db.com/exploits/44654 https://www.exploit-db.com/exploits/41994 https://www.exploit-db.com/exploits/47168 https://github.com/anldori/CVE-2017-7308 http://www.securityfocus.com/bid/97234 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://access.redhat.com/errata/RHSA-2018:1854 https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-pa • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7277
https://notcve.org/view.php?id=CVE-2017-7277
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. La pila TCP en el kernel de Linux hasta la versión 4.10.6 no maneja adecuadamente la funcionalidad SCM_TIMESTAMPING_OPT_STATS, lo que permite a usuarios locales obtener información sensible de la estructuras internas de datos del socket del kernel o provocar una denegación de servicio (lectura fuera de límites) a través de llamadas al sistema manipuladas, relacionado con net/core/skbuff.c y net/socket.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc http://www.securityfocus.com/bid/97141 https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc https://lkml.org/lkml/2017/3/15/485 https://patchwork.ozlabs.org/patch/740636 https://patchwor • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7261
https://notcve.org/view.php?id=CVE-2017-7261
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.5 no verifica el valor cero de ciertos niveles de datos, lo que permite a los usuarios locales provocar una denegación de servicio (referencia ZERO_SIZE_PTR y GPF y posiblemente pánico) a través de una llamada ioctl manipulada para un dispositivo /dev/dri/renderD*. • http://marc.info/?t=149037004200005&r=1&w=2 http://www.securityfocus.com/bid/97096 https://bugzilla.redhat.com/show_bug.cgi?id=1435719 https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html • CWE-20: Improper Input Validation •