CVE-2018-7273 – Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
https://notcve.org/view.php?id=CVE-2018-7273
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. En el kernel de Linux hasta la versión 4.15.4, el controlador del disquete revela las direcciones de las funciones del kernel y las variables globales empleando llamadas printk en la función show_floppy en drivers/block/floppy.c. Un atacante puede leer esta información de dmesg y emplear las direcciones para encontrar las localizaciones del código y los datos del kernel y omitir las protecciones de seguridad como KASLR. • https://www.exploit-db.com/exploits/44325 https://github.com/jedai47/CVE-2018-7273 http://www.securityfocus.com/bid/103088 https://lkml.org/lkml/2018/2/20/669 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
https://notcve.org/view.php?id=CVE-2018-6927
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando un valor wake o requeue negativo. The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a http://www.securityfocus.com/bid/103023 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu. • CWE-190: Integer Overflow or Wraparound •
CVE-2017-18174
https://notcve.org/view.php?id=CVE-2017-18174
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. En el kernel de Linux, en versiones anteriores a la 4.7, la función amd_gpio_remove en drivers/pinctrl/pinctrl-amd.c llama a la función pinctrl_unregister, lo que conduce a una doble liberación (double free). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=251e22abde21833b3d29577e4d8c7aaccd650eee http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dca4a41f1ad65043a78c2338d9725f859c8d2c3 https://github.com/torvalds/linux/commit/251e22abde21833b3d29577e4d8c7aaccd650eee https://github.com/torvalds/linux/commit/8dca4a41f1ad65043a78c2338d9725f859c8d2c3 https://usn.ubuntu.com/3848-1 https://usn.ubuntu.com/3848-2 • CWE-415: Double Free •
CVE-2018-6412
https://notcve.org/view.php?id=CVE-2018-6412
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. En la función sbusfb_ioctl_helper() en drivers/video/fbdev/sbuslib.c en el kernel de Linux hasta la versión 4.15, un error en la propiedad signedness de un número entero permite la fuga de información arbitraria para los comandos FBIOPUTCMAP_SPARC y FBIOGETCMAP_SPARC. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde https://github.com/torvalds/linux/commit/250c6c49e3b68756b14983c076183568636e2bde https://marc.info/?l=linux-fbdev&m=151734425901499&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-18079
https://notcve.org/view.php?id=CVE-2017-18079
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. drivers/input/serio/i8042.c en el kernel de Linux en versiones anteriores a la 4.12.4 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que, posiblemente, tengan otro tipo de impacto sin especificar debido a que el valor port->exists puede cambiar tras ser validado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226 http://www.securityfocus.com/bid/102895 https://github.com/torvalds/linux/commit/340d394a789518018f834ff70f7534fc463d3226 https://usn.ubuntu.com/3655-1 https://usn.ubuntu.com/3655-2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4 • CWE-476: NULL Pointer Dereference •