Page 404 of 3161 results (0.019 seconds)

CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0

arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. arch/arm64/kernel/perf_event.c en el kernel de Linux en versiones anteriores a 4.1 en plataformas arm64 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (puntero de referencia no valido) a través de vectores relacionados con eventos que son manejados incorrectamente durante un lapso de múltiples HW PMUs. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fff105e13041e49b82f92eef034f363a6b1c071 http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/93314 https://github.com/torvalds/linux/commit/8fff105e13041e49b82f92eef034f363a6b1c071 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2

The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. La función tcp_check_send_head en include/net/tcp.h en el kernel de Linux en versiones anteriores a 4.7.5 no mantiene adecuadamente cierto estado SACK tras una copia de datos fallida, lo que permite a usuarios locales provocar una denegación de servicio (uso después de liberación de memoria tcp_xmit_retransmit_queue y caída de sistema ) a través de una opción SACK manipulada. A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. • https://www.exploit-db.com/exploits/40731 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4 http://rhn.redhat.com/errata/RHSA-2017-0036.html http://rhn.redhat.com/errata/RHSA-2017-0086.html http://rhn.redhat.com/errata/RHSA-2017-0091.html http://rhn.redhat.com/errata/RHSA-2017-0113.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5 http://www.openwall.com/lists/oss-security/2016/08/15/ • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. La capa del sistema de archivos en el kernel de Linux en versiones anteriores a 4.5.5 procede con operaciones de cambio de nombre después de que un archivo OverlayFS es cambiado de nombre a un self-hardlink, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) a través de una llamada al sistema, relacionado con fs/namei.c y fs/open.c. A flaw was found that the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d5ca871e72f2bb172ec9323497f01cd5091ec7 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca http://rhn.redhat.com/errata/RHSA-2016-1847.html http://rhn.redhat.com/errata/RHSA-2016-1875.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. La pila IPv6 en el kernel de Linux en versiones anteriores a 4.3.3 no maneja adecuadamente datos de las opciones, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación y caída de sistema) a través de una llamada al sistema sendmsg manipulada. It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39 http://rhn.redhat.com/errata/RHSA-2016-0855.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://rhn.redhat.com/errata/RHSA-2016-2695.html http://source.android.com/security/bulletin/2016-08-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 http://www.securityfocus.com/bid/92227 http • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free CWE-667: Improper Locking •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. Pérdida de memoria en la función airspy_probe en drivers/media/usb/airspy/airspy.c en el controlador USB airspy en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de un dispositivo USB manipulado que emula muchos dispositivos VFL_TYPE_SDR o VFL_TYPE_SUBDEV y realiza muchas operaciones de conexión y desconexión. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848 http://www.openwall.com/lists/oss-security/2016/07/25/1 http://www.securityfocus.com/bid/92104 http://www.securitytracker.com/id/1036432 http://www.ubuntu.com/usn/USN-3070-1 http://www.ubuntu.com/usn/USN-3070-2 http://www.ubuntu.com/usn/USN-3070-3 http://www.ubuntu.com/usn/USN-3070-4 https://bugzilla.redhat.com/show_bug.cgi?id=1358184 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •