Page 427 of 2967 results (0.009 seconds)

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. La función proc_keys_show en security/keys/proc.c en el kernel de Linux hasta la versión 4.8.2, cuando el protector de pila GNU Compiler Collection (gcc) está habilitado, utiliza un tamaño de búfer incorrecto para ciertos datos de tiempo de espera, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de la memoria de pila y pánico) leyendo el archivo /proc/keys. It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. • http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.openwall.com/lists/oss-security/2016/10/13/5 http://www.securityfocus.com/bid/93544 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.redhat.com/show_bug.cgi?id=1373966 https://source.android.com/security/bulletin/2017-01-01.html https://access.redhat.com/security/cve/CVE-2016-7042 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. mm/memory.c en el kernel de Linux en versiones anteriores a 4.1.4 no maneja adecuadamente páginas anónimas, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (adulteración de página) a través de una aplicación manipulada que desencadena escribir a la página cero. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4 http://www.securityfocus.com/bid/93591 https://bugzilla.redhat.com/show_bug.cgi?id=1333830 https://github.com/torvalds/linux/commit/6b7339f4c31ad69c8e9c0b2859276e22cf72176d https://security-tracker.debian.org/tracker/CVE-2015-3288 https://source.android.com/security/bulletin/2017-01-01.html https://access.redhat.com/security& • CWE-20: Improper Input Validation CWE-391: Unchecked Error Condition •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. La implementación del sistema de archivos en el kernel de Linux hasta la versión 4.8.2 preserva el bit setgid durante una llamada setxattr, lo que permite a usuarios locales obtener privilegios de grupo aprovechando la existencia de un programa setgid con restricciones en permisos de ejecución. It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2 http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.openwall.com/lists/oss-security/2016/08/26/3 http://www.securityfocus.com/bid/92659 http://www.securitytracker.com/id/1038201 http://www.spinics.net/lists/linux-fsdevel/msg98328.html http://www.ubuntu.com/usn/USN-3146-1 http://www.ubuntu.com • CWE-285: Improper Authorization CWE-287: Improper Authentication •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. drivers/infiniband/ulp/srpt/ib_srpt.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) usando un comando ABORT_TASK para abortar una operación de escritura de dispositivo. System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463 http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1 http://www.openwall.com/lists/oss-security/2016/08/19/5 http://www.securityfocus.com/bid/92549 https://bugzilla.redhat.com/show_bug.cgi?id=1354525 https://github.com/torvalds/linux/commit/51093254bf879bc9c • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. La funcionalidad mbcache en las implementaciones del sistema de archivos ext2 y ext4 en el kernel de Linux en versiones anteriores a 4.6 no maneja adecuadamente bloque de almacenamiento en caché xattr, lo que permite a usuarios locales provocar una denegación de servicio (bloqueo débil) a través de operaciones de sistema de archivos en entornos que usan muchos atributos, como se demuestra por Ceph y Samba. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82939d7999dfc1f1998c4b1c12e2f19edbdff272 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=be0726d33cb8f411945884664924bed3cb8c70ee http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9a61eb4e2471c56a63cd804c7474128138c38ac http://www.openwall.com/lists/oss-security/2016/08/22/2 http://www.openwall.com/lists/oss-security/2016/08/25/4 https://bugzilla.kernel.org/show_bug.cgi?id=10 • CWE-19: Data Processing Errors •