Page 441 of 2999 results (0.027 seconds)

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. La memoria de pila InfiniBand (también conocida como IB) en el kernel de Linux en versiones anteriores a 4.5.3 confía incorrectamente en llamadas al sistema de escritura, lo que permite a usuarios locales provocar una denegación de servicio (operación de escritura en la memoria del kernel) o posiblemente tener otro impacto no especificado a través de una interfaz uAPI. A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. La función snd_timer_user_params en sound/core/timer.c en el kernel de Linux hasta la versión 4.6 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través del uso manipulado de la interfaz ALSA timer. A vulnerability was found in Linux kernel. There is an information leak in file "sound/core/timer.c" of the latest mainline Linux kernel, the stack object “tread” has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •

CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 1

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. sound/core/timer.c en el kernel de Linux hasta la versión 4.6 no inicializa determinadas estructuras de datos r1, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través del uso manipulado de la interfaz ALSA timer, relacionado con las funciones (1) snd_timer_user_ccallback y (2) snd_timer_user_tinterrupt. A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. • https://www.exploit-db.com/exploits/46529 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opens • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. La función get_rock_ridge_filename en fs/isofs/rock.c en el kernel de Linux en versiones anteriores a 4.5.5 no maneja correctamente entradas NM (también conocidas como alternate name) que contienen caracteres \0, lo que permite a usuarios locales obtener información sensible del kernel de memoria o posiblemente tener otro impacto no especificado a través de un sistema de archivo isofs manipulado. A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://www.debian.org/security/2016/dsa-3607 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 http://www.openwall.com/lists/oss-security/2016/05/18/3 http://www.openwall.com/lists/oss-security/2016/05/18/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. La función llc_cmsg_rcv en net/llc/af_llc.c en el kernel de Linux en versiones anteriores a 4.5.5 no inicializa una estructura de datos determinada, lo que permite a atacantes obtener información sensible del kernel de memoria de pila leyendo un mensaje. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://www.debian.org/security/2016/dsa-3607 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 http://www.openwall.com/lists/oss-security/2016/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •