CVE-2018-8043
https://notcve.org/view.php?id=CVE-2018-8043
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). La función unimac_mdio_probe en drivers/net/phy/mdio-bcm-unimac.c en el kernel de Linux hasta la versión 4.15.8 no valida la disponibilidad de ciertos recursos. Esto permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5 http://www.securitytracker.com/id/1040749 https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3630-1 https://usn.ubuntu.com/3630-2 https://usn.ubuntu.com/3632-1 • CWE-476: NULL Pointer Dereference •
CVE-2018-7995
https://notcve.org/view.php?id=CVE-2018-7995
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant ** EN DISPUTA ** Condición de carrera en la función store_int_with_restart() en arch/x86/kernel/cpu/mcheck/mce.c en el kernel de Linux hasta la versión 4.15.7 permite que los usuarios locales provoquen una denegación de servicio (pánico) aprovechándose del acceso root de escritura en el archivo check_interval en un directorio /sys/devices/system/machinecheck/machinecheck<número de cpu> NOTA: un tercero ha indicado que este informe no es relevante para la seguridad: • http://www.securityfocus.com/bid/103356 https://bugzilla.suse.com/show_bug.cgi?id=1084755 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://lkml.org/lkml/2018/3/2/970 https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https://usn.ubuntu.com/3656-1 https://www.debian.org/security/2018/dsa-4187 https://www.debian • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2018-7757 – kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c
https://notcve.org/view.php?id=CVE-2018-7757
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. Filtrado de memoria en la función sas_smp_get_phy_events en drivers/scsi/libsas/sas_expander.c en el kernel de Linux, hasta la versión 4.15.7, permite que usuarios locales provoquen una denegación de servicio (consumo de memoria) mediante numerosos accesos de lectura a archivos en el directorio /sys/class/sas_phy, tal y como demuestra el archivo /sys/class/sas_phy/phy-1:0:12/invalid_dword_count. Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 http://www.securityfocus.com/bid/103348 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3654-1 https://usn.ubuntu. • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-18222
https://notcve.org/view.php?id=CVE-2017-18222
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings. En el kernel de Linux en versiones anteriores a la 4.12, Hisilicon Network Subsystem (HNS) no considera el caso ETH_SS_PRIV_FLAGS a la hora de recuperar los datos de sset_count, lo que permite que los usuarios locales provoquen una denegación de servicio (desbordamiento de búfer y corrupción de memoria) o, posiblemente, otro impacto no especificado, tal y como ha quedado demostrado por la incompatibilidad entre hns_get_sset_count y ethtool_get_strings. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c http://www.securityfocus.com/bid/103349 https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https://usn.ubuntu.com/3656-1 https://www.debian.org/security/2018/dsa-4188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-7755 – kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2018-7755
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. Se descubrió un fallo de seguridad en la función fd_locked_ioct en drivers/block/floppy.c en el kernel de Linux hasta la versión 4.15.7. La unidad de disquete copiará un puntero kernel a la memoria del usuario en respuesta a la llamada IOCTL FDGETPRM. • https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://lkml.org/lkml/2018/3/7/1116 https://usn.ubuntu.com/3695-1 https://usn.ubuntu.com/3695-2 https://usn.ubuntu.com/3696-1 https://usn.ubuntu.com/3696-2 https://usn.ubuntu.com/3697-1 https://usn.ubuntu.com/3697-2 https://usn.ubuntu.com/3698-1 https://usn.ubuntu.com/369 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •