CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7616 – kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
https://notcve.org/view.php?id=CVE-2017-7616
10 Apr 2017 — Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. El manejo incorrecto de los errores en las syscalls set_mempolicy y mbind compat en mm/mempolicy.c en el kernel de Linux hasta la versión 4.10.9 permite a los usuarios locales obtener información confidencial de datos de pila no inicializados al activar... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 • CWE-388: 7PK - Errors CWE-390: Detection of Error Condition Without Action •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7618 – Ubuntu Security Notice USN-3312-2
https://notcve.org/view.php?id=CVE-2017-7618
10 Apr 2017 — crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. crypto/ahash.c en el kernel de Linux hasta 4.10.9 permite a los atacantes causar una denegación de servicio (operación de API llamando a su propia devolución de llamada, y recursión infinita) activando EBUSY en una cola completa. USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update p... • http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-2671 – Linux Kernel - 'ping' Local Denial of Service
https://notcve.org/view.php?id=CVE-2017-2671
05 Apr 2017 — The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. En LightDM en versiones hasta 1.22.0, un problema de directorio transversal en debian/guest-account.sh permite a atacantes locales allows local attackers poseer ubicaciones de... • https://packetstorm.news/files/id/142872 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10318
https://notcve.org/view.php?id=CVE-2016-10318
04 Apr 2017 — A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. Una comprobación de autorización que falta en la función fscrypt_process_policy en fs/crypto/policy.c en el soporte de cifrado del sistema de archivos ext4 y f2fs en el kernel de Linux en versiones anteriores... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=163ae1c6ad6299b19e22b4a35d5ab24a89791a98 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2016-10229
https://notcve.org/view.php?id=CVE-2016-10229
04 Apr 2017 — udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. Udp.c en el kernel de Linux en versiones anteriores a 4.5 permite a los atacantes remotos ejecutar código arbitrario a través del tráfico UDP que dispara un segundo cálculo de checksum inseguro durante la ejecución de una llamada al sistema recv con el indicador MSG_PEEK. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16645 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-16645
03 Apr 2017 — The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. La función ims_pcu_get_cdc_union_desc en drivers/input/misc/ims-pcu.c en el kernel de Linux, en versiones anteriores a la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites ... • http://www.securityfocus.com/bid/101768 • CWE-125: Out-of-bounds Read •
CVSS: 7.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000026 – kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
https://notcve.org/view.php?id=CVE-2018-1000026
03 Apr 2017 — Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. El kernel de Linux, al menos desde la versión v4.8, contiene una vulnerabilidad de validación de entradas in... • http://lists.openwall.net/netdev/2018/01/16/40 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18204 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-18204
03 Apr 2017 — The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. La función ocfs2_setattr en fs/ocfs2/file.c en el kernel de Linux, en versiones anteriores a la 4.14.2, permite que usuarios locales provoquen una denegación de servicio (deadlock) mediante peticiones DIO. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300 •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2017-15129 – kernel: net: double-free and memory corruption in get_net_ns_by_id()
https://notcve.org/view.php?id=CVE-2017-15129
03 Apr 2017 — A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be full... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16537 – Ubuntu Security Notice USN-3617-3
https://notcve.org/view.php?id=CVE-2017-16537
03 Apr 2017 — The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. La función imon_probe en drivers/media/rc/imon.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o, posiblemente, causen otro... • https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ • CWE-476: NULL Pointer Dereference •