Page 440 of 2818 results (0.014 seconds)

CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 3

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. • https://www.exploit-db.com/exploits/44305 https://www.exploit-db.com/exploits/43199 http://www.securityfocus.com/bid/102032 http://www.securitytracker.com/id/1040020 https://access.redhat.com/errata/RHSA-2018:0180 https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0 https://source.android.com/security/bulletin/pixel/2018-02-01 https://access.redhat.com/security/cve/CVE-2017-1000405 https://bugzilla.redhat.com/show_bug.cgi?id=1516514 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). La función rngapi_reset en crypto/rng.c en el kernel de Linux en versiones anteriores a la 4.2 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL). A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://bugzilla.redhat.com/show_bug.cgi?id=1485815 https://bugzilla.redhat.com/show_bug.cgi?id=1514609 https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/security/cve/CVE-2017-15116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 2

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. La implementación de políticas de volcado XFRM en net/xfrm/xfrm_user.c en el kernel de Linux en versiones anteriores a la 4.13.11 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante una llamada del sistema a setsockopt con la opción SO_RCVBUF junto con mensajes Netlink XFRM_MSG_GETPOLICY. The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system. • https://www.exploit-db.com/exploits/44049 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://seclists.org/fulldisclosure/2017/Nov/40 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101954 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1355 https:/ • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versiones anteriores a la 4.13.11 gestiona de manera incorrecta la división de nodos, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y pánico) mediante una aplicación manipulada, tal y como demuestra el tipo de clave de conjunto de claves, así como las operaciones de suma de claves y creación de enlaces. A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101678 https://access.redhat.com/errata/RHSA-2018:0151 https://bugzilla.redhat.com/show_bug.cgi?id=1501215 https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b https://usn.ubuntu.com/3698-1 https://usn.ubuntu.com/3698-2 https://access.redhat.com/secu • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. Las funciones bio_map_user_iov y bio_unmap_user en block/bio.c en el kernel de Linux en versiones anteriores a la 4.13.8 realizan un refcount no equilibrado cuando un vector SCSI I/O tiene búferes pequeños consecutivos que pertenecen a la misma página. La función bio_add_pc_page los combina en uno solo, pero la referencia de la página nunca se anula. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467 http://seclists.org/oss-sec/2017/q4/52 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 http://www.securityfocus.com/bid/101911 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat&# • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •