Page 433 of 3260 results (0.016 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. Condición de carrera en la función rds_sendmsg en net/rds/sendmsg.c en el kernel de Linux en versiones anteriores a 4.3.3 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tener otro impacto no especificado mediante el uso de un socket que no estaba vinculado adecuadamente. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-6937 • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.2EPSS: 0%CPEs: 33EXPL: 0

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. El subsistema KVM en el kernel Linux hasta la versión 4.2.6, y Xen 4.3.x hasta la versión 4.6.x permite a usuarios del SO invitados causar una denegación de servicio (panic en el host del SO o cuelgue) desencandenando muchas excepciones #AC (también conocidas como Alignment Check), relacionadas con svm.c y vmx.c. It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http:/&# • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. La función slhc_init en drivers/net/slip/slhc.c en el kernel de Linux hasta la versión 4.2.3 no asegura que ciertos números de ranura sean válidos, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de una llamada PPPIOCSMAXCID ioctl manipulada. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00039. •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. El subsistema Direct Rendering Manager (DRM) en el kernel de Linux hasta la versión 4.x no maneja correctamente las peticiones para los objetos Graphics Execution Manager (GEM), lo que permite a atacantes dependientes del contexto causar una denegación de servicio (consumo de la memoria) a través de una aplicación que procesa datos gráficos, segun lo demostrado por el código JaScript que genera muchos elementos CANVAS para el renderizado de Chrome o Firefox. • https://bugzilla.kernel.org/show_bug.cgi?id=60533 • CWE-399: Resource Management Errors •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 3

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. La función sctp_init en net/sctp/protocol.c en el kernel de Linux en versiones anteriores a 4.2.3 tiene una secuencia incorrecta de pasos de inicialización de protocolo, lo que permite a usuarios locales provocar una denegación de servicio (panic o corrupción de memoria) mediante la creación de sockets SCTP antes de haber finalizado todos los pasos. A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://patchwork.ozlabs.org/patch/515996 http://www.debian.org/security/2015/dsa-3372 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-665: Improper Initialization •