CVE-2018-8822
https://notcve.org/view.php?id=CVE-2018-8822
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.
References:
• http://www.openwall.com/lists/oss-security/2022/12/27/3
• http://www.securityfocus.com/bid/103476
• https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
• https://usn.ubuntu.com/3653-1
• https://usn.ubuntu.com/3653-2
• https://usn.ubuntu.com/3654-1
• https://usn.ubuntu.com/3654-2
• https://usn.ubuntu.com/3655-1
• https://usn.ubuntu.com/3655-2
• https://usn.ubuntu.com/3656-1
• https://usn.ubuntu.com/3657-1
• https://www.debian.org/security/
Weakness:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1068 – kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c
https://notcve.org/view.php?id=CVE-2018-1068
A flaw was found in the Linux 4.x kernel's implementation of the 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
References:
• http://www.securityfocus.com/bid/103459
• https://access.redhat.com/errata/RHSA-2018:1318
• https://access.redhat.com/errata/RHSA-2018:1355
• https://access.redhat.com/errata/RHSA-2018:2948
• https://access.redhat.com/errata/RHSA-2019:1170
• https://access.redhat.com/errata/RHSA-2019:1190
• https://access.redhat.com/errata/RHSA-2019:4159
• https://bugzilla.redhat.com/show_bug.cgi?id=1552048
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55
Weakness:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-787: Out-of-bounds Write
CVE-2017-18232 – kernel: Mishandling mutex within libsas allowing local Denial of Service
https://notcve.org/view.php?id=CVE-2017-18232
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
References:
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d
• http://www.securityfocus.com/bid/103423
• https://access.redhat.com/errata/RHSA-2018:3083
• https://access.redhat.com/errata/RHSA-2018:3096
• https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d
• https://usn.ubuntu.com/4163-1
• https://usn.ubuntu.com/4163-2
• https://www.debian.org/security/2018/dsa-4187
• https://access.redhat.com/security/cve/CVE-2017-18232
Weakness:
• CWE-833: Deadlock
CVE-2018-8087 – kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service
https://notcve.org/view.php?id=CVE-2018-8087
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
The Linux kernel is vulnerable to a memory leak in the drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() function. An attacker could exploit this to cause a potential denial of service.
References:
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51
• http://www.securityfocus.com/bid/103397
• https://access.redhat.com/errata/RHSA-2019:2029
• https://access.redhat.com/errata/RHSA-2019:2043
• https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51
• https://usn.ubuntu.com/3676-1
• https://usn.ubuntu.com/3676-2
• https://usn.ubuntu.com/3677-1
• https://usn.ubuntu.com/3677-2
• https://usn.ubuntu.com/3678-1
Weakness:
• CWE-400: Uncontrolled Resource Consumption
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2017-18224
https://notcve.org/view.php?id=CVE-2017-18224
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
References:
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f
• http://www.securityfocus.com/bid/103353
• https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f
• https://www.debian.org/security/2018/dsa-4188
Weakness:
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')