CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2017-17558 – kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow
https://notcve.org/view.php?id=CVE-2017-17558
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. La función usb_destroy_configuration en drivers/usb/core/config.c en el subsistema del núcleo USB en el kernel de Linux hasta la versión 4.14.5 no considera el máximo número de configuraciones e interfaces antes de intentar liberar recursos. Esto permite que usuarios locales provoquen una denegación de servicio (acceso de escritura fuera de límites) o, posiblemente, tengan otro tipo de impacto sin especificar mediante un dispositivo USB manipulado. The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://openwall.com/lists/oss-security/2017/12/12/7 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17449 – kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
https://notcve.org/view.php?id=CVE-2017-17449
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. La función __netlink_deliver_tap_skb en net/netlink/af_netlink.c en el kernel de Linux hasta la versión 4.14.4, cuando CONFIG_NLMON está habilitado, no restringe las observaciones de mensajes Netlink a un espacio de nombres de red único, lo que permite que usuarios locales obtengan información sensible utilizando la capacidad CAP_NET_ADMIN para rastrear una interfaz nlmon para toda la actividad Netlink en el sistema. The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. • http://www.securityfocus.com/bid/102122 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://lkml.org/lkml/2017/12/5/950 https://source.android.com/security/bulletin/pixel/2018-04-01 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubunt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2017-8824 – Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free
https://notcve.org/view.php?id=CVE-2017-8824
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. La función dccp_disconnect en net/dccp/proto.c en el kernel de Linux hasta la versión 4.14.3 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante una llamada del sistema de conexión AF_UNSPEC durante el estado DCCP_LISTEN. A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges. The Linux kernel suffers from a DCCP socket use-after-free vulnerability. • https://www.exploit-db.com/exploits/43234 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.openwall.net/netdev/2017/12/04/224 http://www.openwall.com/lists/oss-security/2017/12/05/1 http://www.securityfocus.com/bid/102056 https://access.redhat.com/errata/RHSA-2018:0399 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://acces • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15116 – kernel: Null pointer dereference in rngapi_reset function
https://notcve.org/view.php?id=CVE-2017-15116
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). La función rngapi_reset en crypto/rng.c en el kernel de Linux en versiones anteriores a la 4.2 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL). A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://bugzilla.redhat.com/show_bug.cgi?id=1485815 https://bugzilla.redhat.com/show_bug.cgi?id=1514609 https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/security/cve/CVE-2017-15116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 2CVE-2017-16939 – Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-16939
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. La implementación de políticas de volcado XFRM en net/xfrm/xfrm_user.c en el kernel de Linux en versiones anteriores a la 4.13.11 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante una llamada del sistema a setsockopt con la opción SO_RCVBUF junto con mensajes Netlink XFRM_MSG_GETPOLICY. The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system. • https://www.exploit-db.com/exploits/44049 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://seclists.org/fulldisclosure/2017/Nov/40 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101954 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1355 https:/ • CWE-416: Use After Free •