Page 426 of 2802 results (0.018 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. El subsistema x86/fpu (Floating Point Unit) en el kernel de Linux en versiones anteriores a la 4.13.5, cuando un procesador soporta la característica xsave pero no la xsaves, no gestiona correctamente los intentos de establecer bits reservados en la cabecera xstate mediante las llamadas de sistema ptrace() o rt_sigreturn(), lo que permite que usuarios locales lean los registros FPU de otros procesos en el sistema, relacionado con arch/x86/kernel/fpu/regset.c y arch/x86/kernel/fpu/signal.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5 https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e https://source.android.com/security/bulletin/pixel/2018-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. Condición de carrera en el subsistema ALSA en el kernel de Linux en versiones anteriores a la 4.13.8 permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o posiblemente otro impacto mediante llamadas ioctl /dev/snd/seq ioctl manipuladas. Esto está relacionado con sound/core/seq/seq_clientmgr.c y sound/core/seq/seq_ports.c. A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026 http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 http://www.openwall.com/lists/oss-security/2017/10/11/3 http://www.securityfocus.com/bid/101288 http://www.securitytracker.com/id/1039561 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-201 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. El subsistema de claves KEYS en el kernel Linux hasta la versión 4.13.7 gestiona de manera incorrecta el uso de add_key para una clave que ya existe, pero no se ha probado, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que tengan un impacto sin especificar mediante una llamada del sistema manipulada. A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS). • https://access.redhat.com/errata/RHSA-2018:0654 https://bugzilla.redhat.com/show_bug.cgi?id=1498016 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://marc.info/?t=150654188100001&r=1&w=2 https://marc.info/?t=150783958600011&r=1&w=2 https://usn.ubuntu.com/3798-1 https://usn.ubuntu.com/3798-2 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1499828.html https://access.redhat.com/security/cve/CVE-2017-15299 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. security/keys/keyctl.c en el kernel de Linux en versiones anteriores a la 4.11.5 no tiene en cuenta el caso de una carga útil NULL junto con un valor de longitud que no sea cero, lo que permite a usuarios locales provocar una denegación de servicio (desreferencia de puntero NULL and OOPS) mediante una llamada de sistema add_key o keyctl manipulada. Esta es una vulnerabilidad diferente a CVE-2017-12192. A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5 http://www.securityfocus.com/bid/101292 https://access.redhat.com/errata/RHSA-2019:1946 https://bugzilla.suse.com/show_bug.cgi?id=1045327 https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5 https://patchwork.kernel.org/patch/9781573 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com&# • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. La función keyctl_read_key en security/keys/keyctl.c en el subcomponente Key Management en el kernel de Linux en versiones anteriores a la 4.13.5 no considera correctamente que se puede tener una clave instanciada negativamente, lo que permite que los usuarios locales provoquen una denegación de servicio (OOPS y cierre inesperado del sistema) mediante una operación KEYCTL_READ manipulada. A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5 https://access.redhat.com/errata/RHSA-2018:0151 https://bugzilla.redhat.com/show_bug.cgi?id=1493435 https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678 https://lkml.org/lkml/2017/9/18/764 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://access.redhat.com • CWE-476: NULL Pointer Dereference •