Page 450 of 3731 results (0.015 seconds)

CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 0

CVE-2017-16914

https://notcve.org/view.php?id=CVE-2017-16914

The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. La función "stub_send_ret_submit()" (drivers/usb/usbip/stub_tx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.107, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante un USB especialmente manipulado en un paquete IP. • http://www.securityfocus.com/bid/102150 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a https://lists.debian.org/debian-lts • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-6412

https://notcve.org/view.php?id=CVE-2018-6412

In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. En la función sbusfb_ioctl_helper() en drivers/video/fbdev/sbuslib.c en el kernel de Linux hasta la versión 4.15, un error en la propiedad signedness de un número entero permite la fuga de información arbitraria para los comandos FBIOPUTCMAP_SPARC y FBIOGETCMAP_SPARC. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde https://github.com/torvalds/linux/commit/250c6c49e3b68756b14983c076183568636e2bde https://marc.info/?l=linux-fbdev&m=151734425901499&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2017-18079

https://notcve.org/view.php?id=CVE-2017-18079

drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. drivers/input/serio/i8042.c en el kernel de Linux en versiones anteriores a la 4.12.4 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que, posiblemente, tengan otro tipo de impacto sin especificar debido a que el valor port->exists puede cambiar tras ser validado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226 http://www.securityfocus.com/bid/102895 https://github.com/torvalds/linux/commit/340d394a789518018f834ff70f7534fc463d3226 https://usn.ubuntu.com/3655-1 https://usn.ubuntu.com/3655-2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0

CVE-2018-5750 – kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass

https://notcve.org/view.php?id=CVE-2018-5750

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. La función acpi_smbus_hc_add en drivers/acpi/sbshc.c en el kernel de Linux hastas la versión 4.14.15 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg de una llamada SBS HC printk. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. • http://www.securitytracker.com/id/1040319 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:2948 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://patchwork.kernel.org/patch/10174835 https://usn.ubuntu.com/3631-1 https://usn.ubuntu.com/3631-2 https://usn.ubuntu.com/3697-1 https://usn.ubuntu.com/3697-2 https://usn.ubuntu.com/3698-1 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2017-18075 – kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service

https://notcve.org/view.php?id=CVE-2017-18075

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. crypto/pcrypt.c en el kernel de Linux en versiones anteriores a la 4.14.13 gestiona de manera incorrecta la liberación de instancias, lo que permite que un usuario local acceda a la interfaz AEAD basada en AF_ALG (CONFIG_CRYPTO_USER_API_AEAD) y pcrypt (CONFIG_CRYPTO_PCRYPT) para provocar una denegación de servicio (kfree de un puntero incorrecto) o, posiblemente, causar otro tipo de impacto sin especificar mediante la ejecución de una secuencia manipulada de llamadas del sistema. crypto/pcrypt.c in the Linux kernel, before 4.14.13, mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68 http://www.securityfocus.com/bid/102813 https://access.redhat.com/errata/RHSA-2018:2948 https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13 https://access.redhat.com/security/cve/CVE-2017-18075 https://bugzilla.redhat.com&#x • CWE-628: Function Call with Incorrectly Specified Arguments CWE-763: Release of Invalid Pointer or Reference •