Page 451 of 2837 results (0.031 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versiones anteriores a la 4.13.11 gestiona de manera incorrecta la división de nodos, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y pánico) mediante una aplicación manipulada, tal y como demuestra el tipo de clave de conjunto de claves, así como las operaciones de suma de claves y creación de enlaces. A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101678 https://access.redhat.com/errata/RHSA-2018:0151 https://bugzilla.redhat.com/show_bug.cgi?id=1501215 https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b https://usn.ubuntu.com/3698-1 https://usn.ubuntu.com/3698-2 https://access.redhat.com/secu • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. Las funciones bio_map_user_iov y bio_unmap_user en block/bio.c en el kernel de Linux en versiones anteriores a la 4.13.8 realizan un refcount no equilibrado cuando un vector SCSI I/O tiene búferes pequeños consecutivos que pertenecen a la misma página. La función bio_add_pc_page los combina en uno solo, pero la referencia de la página nunca se anula. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467 http://seclists.org/oss-sec/2017/q4/52 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 http://www.securityfocus.com/bid/101911 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat&# • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. La función sctp_do_peeloff en net/sctp/socket.c en el kernel de Linux en versiones anteriores a la 4.14 no comprueba si el netns planeado se emplea en una acción peel-off, lo que permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del sistema) o, posiblemente, otro impacto sin especificar mediante llamadas del sistema manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://seclists.org/oss-sec/2017/q4/282 http://www.securityfocus.com/bid/101877 https://bugzilla.redhat.com/show_bug.cgi?id=1513345 https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://patchwork.ozlabs.org/patch • CWE-416: Use After Free •

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. La función tower_probe en drivers/usb/misc/legousbtower.c en el kernel de Linux en versiones anteriores a la 4.8.1 permite que usuarios locales (que estén tan cerca físicamente como para insertar un dispositivo USB manipulado) obtengan privilegios aprovechando una condición de write-what-where que ocurre tras una condición de carrera y una desreferencia de puntero NULL • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2fae9e5a7babada041e2e161699ade2447a01989 http://seclists.org/oss-sec/2017/q4/238 http://www.securityfocus.com/bid/101790 https://bugzilla.redhat.com/show_bug.cgi?id=1505905 https://github.com/torvalds/linux/commit/2fae9e5a7babada041e2e161699ade2447a01989 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-476: NULL Pointer Dereference •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. La función dvb_frontend_free en drivers/media/dvb-core/dvb_frontend.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. NOTA: la función fue posteriormente renombrada como __dvb_frontend_free. The dvb frontend management subsystem in the Linux kernel contains a use-after-free which can allow a malicious user to write to memory that may be assigned to another kernel structure. • http://www.securityfocus.com/bid/101758 https://access.redhat.com/errata/RHSA-2018:2948 https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ https://patchwork.kernel.org/patch/10046189 https://access.redhat.com/security/cve/CVE-2017-16648 https://bugzilla.redhat.com/show_bug.cgi?id=1516257 • CWE-416: Use After Free •