Page 445 of 2760 results (0.020 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2017-5970 – kernel: ipv4: Invalid IP options could cause skb->dst drop

https://notcve.org/view.php?id=CVE-2017-5970

The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. La función ipv4_pktinfo_prepare en net/ipv4/ip_sockglue.c en el kernel de Linux hasta la versión 4.9.9 permite a atacantes provocar una denegación de servicio (caída de sistema) a través de (1) una aplicación que hace llamadas de sistema manipuladas o posiblemente (2) tráfico IPv4 con opciones IP inválidas. A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644 http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/02/12/3 http://www.securityfocus.com/bid/96233 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.redhat.com/show_bug.cgi?id=1421638 https://github.com/torvalds& • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-10044

https://notcve.org/view.php?id=CVE-2016-10044

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. La función aio_mount en fs/aio.c en el kernel de Linux en versiones anteriores a 4.7.7 no restringe adecuadamente el acceso de ejecución, lo que facilita a usuarios locales eludir restricciones de política destinadas SELinux W^X, y consecuentemente obtener privilegios, a través de una llamada de sistema io_setup. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a http://source.android.com/security/bulletin/2017-02-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7 http://www.securityfocus.com/bid/96122 http://www.securitytracker.com/id/1037798 https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-5551 – kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)

https://notcve.org/view.php?id=CVE-2017-5551

The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. La función simple_set_acl en fs/posix_acl.c en el kernel de Linux en versiones anteriores a 4.9.6 preserva el bit setgid durante una llamada setxattr que implica un sistema de archivos tmpfs, lo que permite a usuarios locales obtener privilegios de grupo aprovechando la existencia de un programa setgid con restricciones sobre los permisos de ejecución. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-7097. A vulnerability was found in the Linux kernel in 'tmpfs' file system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=497de07d89c1410d76a15bec2bb41f24a2a89f31 http://www.debian.org/security/2017/dsa-3791 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95717 http://www.securitytracker.com/id/1038053 https://bugzilla.redhat.com/show_bug.cgi?id=1416126 https://github.com/torvalds/linux/commit/497de07d89c1410d76a15bec2bb41f24a2a89f31 • CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-2596 – Kernel: kvm: page reference leakage in handle_vmon

https://notcve.org/view.php?id=CVE-2017-2596

The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. La función nested_vmx_check_vmptr en arch/x86/kvm/vmx.c en el kernel de Linux hasta la versión 4.9.8 emula indebidamente la instrucción VMXON, lo que permite a usuarios del SO invitado KVM L1 provocar una denegación de servicio (consumo de memoria del SO anfitrión) aprovechando el manejo incorrecto de referencia de páginas. Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS. • http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/01/31/4 http://www.securityfocus.com/bid/95878 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://bugzilla.redhat.com/show_bug.cgi?id=1417812 https://access.redhat.com/security/cve/CVE-2017-2596 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-2583 – Kernel: Kvm: vmx/svm potential privilege escalation inside guest

https://notcve.org/view.php?id=CVE-2017-2583

The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. La implementación de load_segment_descriptor en arc/x86/kvm/emulate.c en el kernel de Linux en versiones anteriores a 4.9.5 emula indebidamente una instrucción "MOV SS, NULL selector", lo que permite a usuarios del SO invitado provocar una denegación de servicio (caída del SO invitado) u obteniendo privilegios de SO invitado a través de una aplicación manipulada. Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3 http://www.debian.org/security/2017/dsa-3791 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 http://www.openwall.com/lists/oss-security/2017/01/19/2 http://www.securityfocus.com/bid/95673 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://bugzilla.redhat.com/show_bug.cgi?id=1414735 https:/ • CWE-250: Execution with Unnecessary Privileges •