Page 395 of 3100 results (0.022 seconds)

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. La función ext4_fill_super en fs/ext4/super.c en el kernel de Linux hasta la versión 4.9.8 no valida correctamente los grupos de bloque meta, lo que permite a atacantes físicamente próximos provocar una denegación de servicio (lectura fuera de límites y caída del sistema) a través de una imagen ext4 manipulada. Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe http://seclists.org/fulldisclosure/2016/Nov/75 http://www.openwall.com/lists/oss-security/2017/02/05/3 http://www.securityfocus.com/bid/94354 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://bugzilla.redhat.com/show_bug.cgi?id=1395190 https://github.com/torvalds&# • CWE-125: Out-of-bounds Read •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. Firejail en versiones anteriores a 0.9.44.4, cuando se ejecuta en un Linux kernel en versiones anteriores a 4.8, permite a atacantes dependientes del contexto evitar un mecanismo seccomp-based de protección de sandbox a través del argumento --allow-debuggers. • http://www.openwall.com/lists/oss-security/2017/01/07/5 http://www.securityfocus.com/bid/97120 https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51 https://firejail.wordpress.com/download-2/release-notes https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e https://security.gentoo.org/glsa/201701-62 •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). crypto/mcryptd.c en el kernel de Linux en versiones anteriores a 4.8.15 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) usando un socket AF_ALG con un algoritmo incompatible, según lo demostrado por mcryptd(md5). Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This causes mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended to be used with mcryptd. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15 http://www.openwall.com/lists/oss-security/2017/01/17/13 http://www.securityfocus.com/bid/95677 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. arch/x86/kvm/emulate.c en el kernel de Linux hasta la versión 4.9.3 permite a usuarios locales obtener información sensible de memoria del kernel o provocar una denegación de servicio (uso después de liberación de memoria) a través de una aplicación manipulada que aprovecha la emulación de instrucciones para fxrstor, fxsave, sgdt y sidt. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/01/13/7 http://www.securityfocus.com/bid/95430 http://www.securitytracker.com/id/1037603 https://bugzilla.redhat.com/show_bug.cgi?id=1413001 https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d https://usn.ubuntu.com/3754-1 https://access.redhat.com/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. La implementación sg en el kernel Linux hasta la versión 4.9 no restringe correctamente operaciones de escritura en situaciones donde la opción KERNEL_DS está activa, lo que permite a usuarios locales leer o escribir a ubicacioes arbitrarias de memoria de kernel o provocar una denegación de servicio (uso despues de liberación) aprovechando el acceso al dispositivo /dev/sg, relacionado con block/bsg.c y drivers/scsi/sg.c. NOTA: esta vulnerabilidad existe debido a una reparación incompleta de CVE-2016-9576. It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835 http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.openwall.com/lists/oss-security/2016/12/30/1 http://www.securityfocus.com/bid/95169 http://www.securitytracker.com/id/1037538 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://github.com/torvalds/linux • CWE-416: Use After Free •