CVE-2017-17449 – kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
https://notcve.org/view.php?id=CVE-2017-17449
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. La función __netlink_deliver_tap_skb en net/netlink/af_netlink.c en el kernel de Linux hasta la versión 4.14.4, cuando CONFIG_NLMON está habilitado, no restringe las observaciones de mensajes Netlink a un espacio de nombres de red único, lo que permite que usuarios locales obtengan información sensible utilizando la capacidad CAP_NET_ADMIN para rastrear una interfaz nlmon para toda la actividad Netlink en el sistema. The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. • http://www.securityfocus.com/bid/102122 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://lkml.org/lkml/2017/12/5/950 https://source.android.com/security/bulletin/pixel/2018-04-01 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubunt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2017-8824 – Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free
https://notcve.org/view.php?id=CVE-2017-8824
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. La función dccp_disconnect en net/dccp/proto.c en el kernel de Linux hasta la versión 4.14.3 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante una llamada del sistema de conexión AF_UNSPEC durante el estado DCCP_LISTEN. A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges. The Linux kernel suffers from a DCCP socket use-after-free vulnerability. • https://www.exploit-db.com/exploits/43234 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.openwall.net/netdev/2017/12/04/224 http://www.openwall.com/lists/oss-security/2017/12/05/1 http://www.securityfocus.com/bid/102056 https://access.redhat.com/errata/RHSA-2018:0399 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://acces • CWE-416: Use After Free •
CVE-2017-15116 – kernel: Null pointer dereference in rngapi_reset function
https://notcve.org/view.php?id=CVE-2017-15116
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). La función rngapi_reset en crypto/rng.c en el kernel de Linux en versiones anteriores a la 4.2 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL). A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://bugzilla.redhat.com/show_bug.cgi?id=1485815 https://bugzilla.redhat.com/show_bug.cgi?id=1514609 https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/security/cve/CVE-2017-15116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVE-2017-16939 – Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-16939
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. La implementación de políticas de volcado XFRM en net/xfrm/xfrm_user.c en el kernel de Linux en versiones anteriores a la 4.13.11 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante una llamada del sistema a setsockopt con la opción SO_RCVBUF junto con mensajes Netlink XFRM_MSG_GETPOLICY. The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system. • https://www.exploit-db.com/exploits/44049 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://seclists.org/fulldisclosure/2017/Nov/40 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101954 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1355 https:/ • CWE-416: Use After Free •
CVE-2017-12193 – kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation
https://notcve.org/view.php?id=CVE-2017-12193
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versiones anteriores a la 4.13.11 gestiona de manera incorrecta la división de nodos, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y pánico) mediante una aplicación manipulada, tal y como demuestra el tipo de clave de conjunto de claves, así como las operaciones de suma de claves y creación de enlaces. A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101678 https://access.redhat.com/errata/RHSA-2018:0151 https://bugzilla.redhat.com/show_bug.cgi?id=1501215 https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b https://usn.ubuntu.com/3698-1 https://usn.ubuntu.com/3698-2 https://access.redhat.com/secu • CWE-476: NULL Pointer Dereference •