Page 409 of 3311 results (0.023 seconds)

CVSS: 5.2EPSS: 0%CPEs: 33EXPL: 0

CVE-2015-5307 – virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception

https://notcve.org/view.php?id=CVE-2015-5307

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. El subsistema KVM en el kernel Linux hasta la versión 4.2.6, y Xen 4.3.x hasta la versión 4.6.x permite a usuarios del SO invitados causar una denegación de servicio (panic en el host del SO o cuelgue) desencandenando muchas excepciones #AC (también conocidas como Alignment Check), relacionadas con svm.c y vmx.c. It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http:/&# • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-7799

https://notcve.org/view.php?id=CVE-2015-7799

The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. La función slhc_init en drivers/net/slip/slhc.c en el kernel de Linux hasta la versión 4.2.3 no asegura que ciertos números de ranura sean válidos, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de una llamada PPPIOCSMAXCID ioctl manipulada. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00039. •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

CVE-2013-7445

https://notcve.org/view.php?id=CVE-2013-7445

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. El subsistema Direct Rendering Manager (DRM) en el kernel de Linux hasta la versión 4.x no maneja correctamente las peticiones para los objetos Graphics Execution Manager (GEM), lo que permite a atacantes dependientes del contexto causar una denegación de servicio (consumo de la memoria) a través de una aplicación que procesa datos gráficos, segun lo demostrado por el código JaScript que genera muchos elementos CANVAS para el renderizado de Chrome o Firefox. • https://bugzilla.kernel.org/show_bug.cgi?id=60533 • CWE-399: Resource Management Errors •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5257

https://notcve.org/view.php?id=CVE-2015-5257

drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. drivers/usb/serial/whiteheat.c en el kernel Linux en versiones anteriores a 4.2.4 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero NULL y OOPS) o posiblemente tener otro impacto no especificado a través de un dispositivo USB manipulado. NOTA: este ID se utilizó de manera incorrecta para un problema de Apache Cordova que tiene el ID correcto CVE-2015-8320. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4 http://www.debian.org/security/2015/dsa-3372 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4 http://www.openwall.com/lists/oss-security/2015/09/23/1 http://www.securityfocus.com/bid/76834 http://www.ubuntu.com/usn/USN-2792-1 http://www.ubuntu.com/usn/USN-2794-1 http://www.ubuntu.com/usn/USN-2795-1 http://www.ubuntu.com/usn •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 3

CVE-2015-5283 – kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic

https://notcve.org/view.php?id=CVE-2015-5283

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. La función sctp_init en net/sctp/protocol.c en el kernel de Linux en versiones anteriores a 4.2.3 tiene una secuencia incorrecta de pasos de inicialización de protocolo, lo que permite a usuarios locales provocar una denegación de servicio (panic o corrupción de memoria) mediante la creación de sockets SCTP antes de haber finalizado todos los pasos. A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://patchwork.ozlabs.org/patch/515996 http://www.debian.org/security/2015/dsa-3372 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-665: Improper Initialization •