CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5986 – kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf
https://notcve.org/view.php?id=CVE-2017-5986
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. Condición de carrera en la función sctp_wait_for_sndbuf en net/sctp/socket.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a usuarios locales provocar una denegación de servicio (fallo de aserción y pánico) a través de una aplicación multihilo que despega una asociación en un cierto estado de búfer completo. It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90 http://www.debian.org/security/2017/dsa-3804 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 http://www.openwall.com/lists/oss-security/2017/02/14/6 http://www.securityfocus.com/bid/96222 https://access.redhat.com/errata/RHSA-2017:1308 https://bugzilla.redhat.com/show_bug.cgi?id=1420276 https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5967
https://notcve.org/view.php?id=CVE-2017-5967
The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. El subsistema de tiempo en el kernel de Linux hasta la versión 4.9.9, cuando CONFIG_TIMER_STATS está habilitado, permite a usuarios locales descubrir valores PID reales (diferenciados de valores PID dentro de un namespace PID) leyendo el archivo /proc/timer_list, relacionado con la función print_timer en kernel/time/timer_list.c y la función __timer_stats_timer_set_start_info en kernel/time/timer.c. • http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1 http://www.securityfocus.com/bid/96271 https://bugzilla.kernel.org/show_bug.cgi?id=193921 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5970 – kernel: ipv4: Invalid IP options could cause skb->dst drop
https://notcve.org/view.php?id=CVE-2017-5970
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. La función ipv4_pktinfo_prepare en net/ipv4/ip_sockglue.c en el kernel de Linux hasta la versión 4.9.9 permite a atacantes provocar una denegación de servicio (caída de sistema) a través de (1) una aplicación que hace llamadas de sistema manipuladas o posiblemente (2) tráfico IPv4 con opciones IP inválidas. A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644 http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/02/12/3 http://www.securityfocus.com/bid/96233 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.redhat.com/show_bug.cgi?id=1421638 https://github.com/torvalds& • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 3CVE-2017-5972 – Linux Kernel 3.10.0 (CentOS 7) - Denial of Service
https://notcve.org/view.php?id=CVE-2017-5972
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code. La pila TCP en el kernel de Linux versiones 3.x, no implementa apropiadamente un mecanismo de protección de cookies SYN para el caso de una conexión de red rápida, lo que permite a los atacantes remotos causar una denegación de servicio (consumo de CPU) mediante el envío de muchos paquetes TCP SYN, como es demostrado por un ataque contra el paquete kernel versión 3.10.0 en CentOS Linux versión 7. NOTA: terceros no han podido discernir ninguna relación entre la búsqueda de GitHub Engineering y el código de ataque Trigemini.c. CentOS7 suffers from a kernel crashing denial of service issue triggered by an rsyslog daemon vulnerability. • https://www.exploit-db.com/exploits/41350 http://seclists.org/oss-sec/2017/q1/573 http://www.securityfocus.com/bid/96231 https://access.redhat.com/security/cve/cve-2017-5972 https://bugzilla.redhat.com/show_bug.cgi?id=1422081 https://cxsecurity.com/issue/WLB-2017020112 https://githubengineering.com/syn-flood-mitigation-with-synsanity https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html https://security-tracker.debian.org/tracker/CVE-2017-5972 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-10044
https://notcve.org/view.php?id=CVE-2016-10044
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. La función aio_mount en fs/aio.c en el kernel de Linux en versiones anteriores a 4.7.7 no restringe adecuadamente el acceso de ejecución, lo que facilita a usuarios locales eludir restricciones de política destinadas SELinux W^X, y consecuentemente obtener privilegios, a través de una llamada de sistema io_setup. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a http://source.android.com/security/bulletin/2017-02-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7 http://www.securityfocus.com/bid/96122 http://www.securitytracker.com/id/1037798 https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a • CWE-264: Permissions, Privileges, and Access Controls •