CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-12929 – kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko
https://notcve.org/view.php?id=CVE-2018-12929
28 Jun 2018 — ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. ntfs_read_locked_inode en el controlador en el sistema de archivos ntfs.ko en el kernel de Linux 4.15.0 permite que los atacantes desencadenen una lectura de uso de memoria previamente liberada y, posiblemente, provoquen una denegación de servicio (OOPS o pánico del kernel) mediante un... • http://www.securityfocus.com/bid/104588 • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 2CVE-2018-12904 – KVM (Nested Virtualization) - L1 Guest Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-12904
27 Jun 2018 — In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. En arch/x86/kvm/vmx.c en el kernel de Linux en versiones anteriores a la 4.17.2, cuando se emplea la virtualización anidada, los atacantes locales podrían hacer que los invitados L1 KVM realizasen un VMEXIT, permitiendo escalados de privilegios y ataques de den... • https://www.exploit-db.com/exploits/44944 •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1000204 – kernel: Infoleak caused by incorrect handling of the SG_IO ioctl
https://notcve.org/view.php?id=CVE-2018-1000204
26 Jun 2018 — Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /de... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12714
https://notcve.org/view.php?id=CVE-2018-12714
24 Jun 2018 — An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.2. El an... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=81f9c4e4177d31ced6f52a89bb70e93bfb77ca03 • CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12633
https://notcve.org/view.php?id=CVE-2018-12633
22 Jun 2018 — An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and inf... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd23a7269834dc7c1f93e83535d16ebc44b75eba • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10723
https://notcve.org/view.php?id=CVE-2016-10723
21 Jun 2018 — An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle. ** EN D... • https://patchwork.kernel.org/patch/10395909 • CWE-399: Resource Management Errors •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5814 – Ubuntu Security Notice USN-3752-3
https://notcve.org/view.php?id=CVE-2018-5814
12 Jun 2018 — In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. En el kernel de Linux en versiones anteriores a la 4.16.11, 4.14.43, 4.9.102 y 4.4.133, múltiples errores de condición de carrera al gestionar operaciones probe, disconnect y rebind pueden explotarse para desencadenar una con... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12233 – Ubuntu Security Notice USN-3752-3
https://notcve.org/view.php?id=CVE-2018-12233
12 Jun 2018 — In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. En la función ea_get en fs/jfs/xattr.c en el kernel de Linux hasta la versión 4.17.1, un error de corrupción de... • http://www.securityfocus.com/bid/104452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12232 – kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor
https://notcve.org/view.php?id=CVE-2018-12232
12 Jun 2018 — In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. En net/socket.c en el kernel de Linux hasta la versión 4.17.1, hay una condición de carrera entr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000200 – kernel: NULL pointer dereference on OOM kill of large mlocked process
https://notcve.org/view.php?id=CVE-2018-1000200
05 Jun 2018 — The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked). Las versiones 4.14, 4.15 ... • http://seclists.org/oss-sec/2018/q2/67 • CWE-476: NULL Pointer Dereference •