Page 426 of 2992 results (0.054 seconds)

CVSS: 6.1EPSS: 0%CPEs: 204EXPL: 0

Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. Desbordamiento de buffer basado en pila en la función ttusbdecfe_dvbs_diseqc_send_master_cmd en drivers/media/usb/ttusb-dec/ttusbdecfe.c en el kernel de Linux anterior a 3.17.4 permite a usuarios locales causar una denegación de servicio (caída del sistema) o posiblemente ganar privilegios a través de una longitud de mensaje grande en una llamada ioctl. A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2e323ec96077642d397bb1c355def536d489d16 http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-0782.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://secunia.com/advisories/62305 http://www.debian.org/security/2014/dsa-3093 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4 http://www.openwall.com/lists/oss-security/2014/11/14/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. La función __clear_user en arch/arm64/lib/clear_user.S en el kernel de Linux anterior a 3.17.4 en la plataforma ARM64 permite a usuarios locales causar una denegación de servicio (caída del sistema) mediante la lectura de un byte más allá del límite de página /dev/zero. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d http://secunia.com/advisories/62305 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4 http://www.openwall.com/lists/oss-security/2014/11/13/5 http://www.securityfocus.com/bid/71082 https://bugzilla.redhat.com/show_bug.cgi?id=1163744 https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d • CWE-17: DEPRECATED: Code •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets. La función ieee80211_fragment en net/mac80211/tx.c en el kernel de Linux anterior a 3.13.5 no mantiene debidamente cierto puntero de cola, lo que permite a atacantes remotos obtener información sensible en texto plano mediante la lectura de paquetes. An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338f977f4eb441e69bb9a46eaa0ac715c931a67f http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-1272.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeL • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 3

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. La función d_walk en fs/dcache.c en el kernel de Linux hasta 3.17.2 no mantiene debidamente la semántica de rename_lock, lo que permite a usuarios locales causar una denegación de servicio (bloqueo y cuelgue del sistema) a través de una aplicación manipulada. A flaw was found in the way the Linux kernel's VFS subsystem handled file system locks. A local, unprivileged user could use this flaw to trigger a deadlock in the kernel, causing a denial of service on the system. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-1976.html http:&# • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. La función kvm_iommu_map_pages en virt/kvm/iommu.c en el kernel de Linux hasta 3.17.2 calcula mal el número de páginas durante el manejo de fallo en el mapeo, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio ( liberación de página del sistema operativo anfitrión) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de los privilegios del sistema operativo invitado. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2014-3601. It was found that the fix for CVE-2014-3601 was incomplete: the Linux kernel's kvm_iommu_map_pages() function still handled IOMMU mapping failures incorrectly. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0674.html http://secunia.com/advisories/62326 http://secunia.com/advisories/62336 http://www.debian.org/security/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •