Page 451 of 2874 results (0.032 seconds)

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278. • http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. La función vmw_gb_surface_define_ioctl (accesible mediante DRM_IOCTL_VMW_GB_SURFACE_CREATE) eb drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el Kernel de Linux hasta la 4.11.4 define una variable backup_handle pero no da un valor inicial. Si uno intenta crear una superficie GB, con una colocación previa del buffer DMA va ser usado como un buffer backup, la variable backup_handle no consigue escritura, y después es devuelto al espacio de usuario, permitiendo a los usuarios locales obtener información sensible de la memoria del kernel no inicializada mediante la manipulación de la llamada ioctl. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07678eca2cf9c9a18584e546c2b2a0d0c9a3150c http://www.debian.org/security/2017/dsa-3927 http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/99095 https://github.com/torvalds/linux/commit/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. Se ha descubierto en el kernel de Linux en versiones anteriores a la 4.11-rc8 que root puede obtener acceso directo a un keyring interno, como ".dns_resolver" en RHEL-7 o el upstream ".builtin_trusted_keys" uniéndose a él como su keyring de sesión. Esto permite que root omita la verificación de firmas del módulo añadiendo una nueva clave pública de su propia elaboración al keyring. It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. • http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html http://www.securityfocus.com/bid/102135 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.novell.com/show_bug.cgi?id=1035576 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2 • CWE-347: Improper Verification of Cryptographic Signature CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. La función __ip6_append_data en el archivo net/ipv6/ip6_output.c en el kernel de Linux hasta versión 4.11.3, es demasiado tardía para comprobar si se puede sobrescribir una estructura de datos skb, lo que permite a los usuarios locales causar una denegación de servicio (bloqueo del sistema) por medio de unas llamadas de sistema diseñadas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a http://www.debian.org/security/2017/dsa-3886 http://www.securityfocus.com/bid/98731 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a https://patchwork.ozlabs.org/patch/764880 https://access.redhat.com/security/cve/CVE-2017-9242 https://bugzilla.redhat.com/ • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. La función crypto_skcipher_init_tfm en el archivo crypto/skcipher.c en el kernel de Linux hasta versión 4.11.2, se basa en una función setkey que carece de una comprobación de tamaño de clave, que permite a los usuarios locales causar una denegación de servicio (desreferencia de puntero NULL) por medio de una aplicación especialmente diseñada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9933e113c2e87a9f46a40fde8dafbf801dca1ab9 https://github.com/torvalds/linux/commit/9933e113c2e87a9f46a40fde8dafbf801dca1ab9 https://patchwork.kernel.org/patch/9718933 • CWE-476: NULL Pointer Dereference •