CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 0CVE-2017-16914
https://notcve.org/view.php?id=CVE-2017-16914
31 Jan 2018 — The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. La función "stub_send_ret_submit()" (drivers/usb/usbip/stub_tx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.107, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante u... • http://www.securityfocus.com/bid/102150 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2017-16911
https://notcve.org/view.php?id=CVE-2017-16911
31 Jan 2018 — The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. El controlador vhci_hcd en el kernel de Linux, en versiones anteriores a la 4.14.8 y la 4.4.114, permite que atacantes locales revelen direcciones de memoria del kernel. La explotación con éxito requiere que se conecte un dispositivo USB mediante IP. • http://www.securityfocus.com/bid/102156 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 0CVE-2017-16913
https://notcve.org/view.php?id=CVE-2017-16913
31 Jan 2018 — The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. La función "stub_recv_cmd_submit()" (drivers/usb/usbip/stub_rx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.114, al gestionar paquetes CMD_SUBMIT, permite que atacantes provoquen un... • http://www.securityfocus.com/bid/102150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6412
https://notcve.org/view.php?id=CVE-2018-6412
31 Jan 2018 — In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. En la función sbusfb_ioctl_helper() en drivers/video/fbdev/sbuslib.c en el kernel de Linux hasta la versión 4.15, un error en la propiedad signedness de un número entero permite la fuga de información arbitraria para los comandos FBIOPUTCMAP_SPARC y FBIOGETCMAP_SPARC. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-18079
https://notcve.org/view.php?id=CVE-2017-18079
29 Jan 2018 — drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. drivers/input/serio/i8042.c en el kernel de Linux en versiones anteriores a la 4.12.4 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que, posiblemente, tengan otro tipo de imp... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5750 – kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
https://notcve.org/view.php?id=CVE-2018-5750
26 Jan 2018 — The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. La función acpi_smbus_hc_add en drivers/acpi/sbshc.c en el kernel de Linux hastas la versión 4.14.15 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg de una llamada SBS HC printk. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.1... • http://www.securitytracker.com/id/1040319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18075 – kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service
https://notcve.org/view.php?id=CVE-2017-18075
24 Jan 2018 — crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. crypto/pcrypt.c en el kernel de Linux en versiones anteriores a la 4.14.13 gestiona de manera incorrecta la liberación de instancias, lo que permi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68 • CWE-628: Function Call with Incorrectly Specified Arguments CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2018-1000004 – kernel: Race condition in sound system can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-1000004
16 Jan 2018 — In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. En el kernel de Linux en versiones 4.12, 3.10, 2.6 y, probablemente, versiones anteriores, existe una vulnerabilidad en el sistema de sonido, lo que puede conducir a un deadlock y a una condición de denegación de servicio (DoS). In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerabilit... • http://seclists.org/oss-sec/2018/q1/51 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5703
https://notcve.org/view.php?id=CVE-2018-5703
16 Jan 2018 — The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. La función tcp_v6_syn_recv_sock en net/ipv6/tcp_ipv6.c en el kernel de Linux, en versiones hasta la 4.14.11, permite que los atacantes provoquen una denegación de servicio (escritura fuera de límites del bloque) o, posiblemente, causen otros impactos no especificados mediante ... • https://groups.google.com/d/msg/syzkaller-bugs/0PBeVnSzfqQ/5eXAlM46BQAJ • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15127 – kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2017-15127
14 Jan 2018 — A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). Se encontró un error en la función hugetlb_mcopy_atomic_pte en mm/hugetlb.c en el kernel de Linux en versiones anteriores a la 4.13. Un desbloqueo superfluo implícito de página para la representación hugetlbfs de VM_SHARED podría desembocar una denegación de servicio local (error). A flaw w... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995 • CWE-460: Improper Cleanup on Thrown Exception •