CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-18386 – kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service
https://notcve.org/view.php?id=CVE-2018-18386
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. drivers/tty/n_tty.c en el kernel de Linux en versiones anteriores a la 4.14.11 permite que atacantes locales (que pueden acceder a los pseudoterminales) bloqueen el uso de dispositivos pseudoterminal debido a una confusión EXTPROC versus ICANON en TIOCINQ. A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348 https://access.redhat.com/errata/RHSA-2019:0831 https://bugzilla.suse.com/show_bug.cgi?id=1094825 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11 https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348 https://usn.ubuntu.com/3849-1 https://usn.ubuntu.com/3849-2 https://access.redhat.com/security/cve/CVE-2018-18386 https://bugzilla& • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14656
https://notcve.org/view.php?id=CVE-2018-14656
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. La falta de una comprobación de direcciones en los llamantes de show_opcodes() en el kernel de Linux permite que un atacante vuelque la memoria del kernel en una dirección arbitraria del kernel en el registro dmesg. • http://www.securitytracker.com/id/1041804 https://bugs.chromium.org/p/project-zero/issues/detail?id=1650 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14656 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342db04ae71273322f0011384a9ed414df8bdae4 https://lore.kernel.org/lkml/20180828154901.112726-1-jannh%40google.com/T https://seclists.org/oss-sec/2018/q4/9 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-18021 – kernel: Privilege escalation on arm64 via KVM hypervisor
https://notcve.org/view.php?id=CVE-2018-18021
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes. arch/arm64/kvm/guest.c en KVM en el kernel de Linux en versiones anteriores a la 4.18.12 en la plataforma arm64 gestiona de manera incorrecta la llamada IOCTL KVM_SET_ON_REG. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93459d689d990b3ecfbe782fec89b97d3279 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d26c25a9d19b5976b319af528886f89cf455692d http://www.securityfocus.com/bid/105550 https://access.redhat.com/errata/RHSA-2018:3656 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.12 https://github.com/torvalds/linux/commit/2a3f93459d689d990b3ecfbe782fec89b97d3279 https://github.com/torvalds/linux/commit/d26c25a9d19b5 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-17972 – kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks
https://notcve.org/view.php?id=CVE-2018-17972
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. Se descubrió un problema en la función proc_pid_stack en fs/proc/base.c en el kernel de Linux hasta la versión 4.18.11. No asegura que solo root pueda inspeccionar la pila del kernel de una tarea arbitraria, lo que permite que un atacante local explote de forma arbitraria el proceso de marcha atrás en la pila a la hora de producirse una excepción (stack unwinding) y filtre el contenido de la pila de tareas del kernel. An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://www.securityfocus.com/bid/105525 https://access.redhat.com/errata/RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0514 https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2473 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-ann • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4EPSS: 0%CPEs: 15EXPL: 0CVE-2018-9363 – kernel: Buffer overflow in hidp_process_report
https://notcve.org/view.php?id=CVE-2018-9363
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. Hay un desbordamiento de enteros en hidp_process_report en bluetooth. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://source.android.com/security/bulletin/2018-06-01 https://usn.ubuntu.com/3797-1 https://usn.ubuntu.com/3797-2 https://usn.ubuntu.com/3820-1 https://usn.ubuntu.com/3820-2 https://usn.ubuntu.com/3820-3 https://usn.ubuntu.com/3822-1 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •