CVE-2017-8890 – kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
https://notcve.org/view.php?id=CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. La función inet_csk_clone_lock en net / ipv4 / inet_connection_sock.c en el kernel de Linux hasta la versión 4.10.15 permite a los atacantes causar una denegación de servicio (double free) u otro impacto no especificado al aprovechar el uso de la llamada al sistema accept. The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • https://github.com/beraphin/CVE-2017-8890 https://github.com/thinkycx/CVE-2017-8890 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a http://www.debian.org/security/2017/dsa-3886 http://www.securityfocus.com/bid/98562 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2018:1854 https: • CWE-415: Double Free CWE-416: Use After Free •
CVE-2017-8831
https://notcve.org/view.php?id=CVE-2017-8831
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. La función saa7164_bus_get en el archivo drivers/media/pci/saa7164/saa7164-bus.c en el kernel de Linux hasta versión 4.11.5, permite a los usuarios locales causar una denegación de servicio (acceso de matriz fuera de límites) o posiblemente tener otro impacto no especificado por el cambio de un valor predeterminado de número de secuencia, también se conoce como una vulnerabilidad de "double fetch". • http://www.securityfocus.com/archive/1/540770/30/0/threaded http://www.securityfocus.com/bid/99619 https://bugzilla.kernel.org/show_bug.cgi?id=195559 https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1 • CWE-125: Out-of-bounds Read •
CVE-2015-9004
https://notcve.org/view.php?id=CVE-2015-9004
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. kernel/events/core.c en el kernel de Linux anterior a la versión 3.19 no gestiona correctamente el contador grouping, lo que permite a usuarios locales escalar privilegios a través de una aplicación especialmente diseñada para provechar el fallo, relacionado con la apertura de funciones the perf_pmu_register and perf_event_. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511 http://www.securityfocus.com/bid/98166 https://github.com/torvalds/linux/commit/c3c87e770458aa004bd7ed3f29945ff436fd6511 https://source.android.com/security/bulletin/2017-05-01 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2017-7895 – kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests
https://notcve.org/view.php?id=CVE-2017-7895
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. Las implementaciones de los servidores NFSv2 y NFSv3 en versiones del kernel de Linux 4.10.13 y anteriores, no realizan ciertas comprobaciones de la parte final de un búfer lo que permitiría a atacantes remotos desencadenar errores de aritmética de punteros o provocar otro impacto inespecífico a través de peticiones especialmente diseñadas. Relacionado con fs/nfsd/nfs3xdr.c y fs/nfsd/nfsxdr.c. The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. • http://www.debian.org/security/2017/dsa-3886 http://www.securityfocus.com/bid/98085 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1715 https://access.redhat.com/errata/RHSA-2017:1723 https://access.redhat.com/errata/RHSA-2017:1766 https://access.redhat.com/errata/RHSA-2017:1798 https://access.redhat.com/errata/RHSA-2017:2412 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2010-5321
https://notcve.org/view.php?id=CVE-2010-5321
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsistema videobuf en el kernel de Linux 2.6.x hasta la versión 4.x permite a usuarios locales causar una denegación de servicio (consumo de memoria) aprovechando el acceso /dev/video para una serie de llamadas mmap que requieren nuevas asignaciones, una vulnerabilidad diferente a CVE-2007-6761. NOTA: a partir de 18-06-2016, esto afecta sólo a 11 controladores que no se han actualizado para utilizar videobuf2 en lugar de videobuf. • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 http://www.openwall.com/lists/oss-security/2015/02/08/4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340 https://bugzilla.kernel.org/show_bug.cgi?id=120571 https://bugzilla.redhat.com/show_bug.cgi?id=620629 • CWE-772: Missing Release of Resource after Effective Lifetime •