Page 457 of 2784 results (0.015 seconds)

CVSS: 10.0EPSS: 3%CPEs: 12EXPL: 0

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. Vulnerabilidad de uso después de liberación de memoria en la función the __sys_recvmmsg en net/socket.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una llamada al sistema recvmmsg que no es manejada correctamente durante el procesamiento del error. A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d http://rhn.redhat.com/errata/RHSA-2016-2962.html http://rhn.redhat.com/errata/RHSA-2017-0031.html http://rhn.redhat.com/errata/RHSA-2017-0036.html http://rhn.redhat.com/errata/RHSA-2017-0065.html http://rhn.redhat.com/errata/RHSA-2017-0086.html http://rhn.redhat.com/errata/RHSA-2017-0091.html http://rhn.redhat.com/errata/RHSA-2017-0113.html http://rhn. • CWE-19: Data Processing Errors CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2

The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. La función tcp_check_send_head en include/net/tcp.h en el kernel de Linux en versiones anteriores a 4.7.5 no mantiene adecuadamente cierto estado SACK tras una copia de datos fallida, lo que permite a usuarios locales provocar una denegación de servicio (uso después de liberación de memoria tcp_xmit_retransmit_queue y caída de sistema ) a través de una opción SACK manipulada. A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. • https://www.exploit-db.com/exploits/40731 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4 http://rhn.redhat.com/errata/RHSA-2017-0036.html http://rhn.redhat.com/errata/RHSA-2017-0086.html http://rhn.redhat.com/errata/RHSA-2017-0091.html http://rhn.redhat.com/errata/RHSA-2017-0113.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5 http://www.openwall.com/lists/oss-security/2016/08/15/ • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. Múltiples desbordamientos de entero en el controlador MDSS para el kernel 3.x de Linux, tal como se utiliza en contribuciones Qualcomm Innovation Center (QuIC) Android para dispositivos MSM y otros productos, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor de gran tamaño, relacionado con mdss_compat_utils.c, mdss_fb.c y mdss_rotator.c. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92695 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7 https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. Desbordamiento de búfer basado en memoria dinámica en la función wcnss_wlan_write en drivers/net/wireless/wcnss/wcnss_wlan.c en el controlador de dispositivo wcnss_wlan para el kernel 3.x de Linux, según se utiliza en contribuciones Qualcomm Innovation Center (QuIC) Android para dispositivos MSM y otros productos, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto no especificado escribiendo a /dev/wcnss_wlan con una cantidad de datos inesperada. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92693 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=579e796cb089324c55e0e689a180575ba81b23d9 https://www.codeaurora.org/buffer-overflow-vulnerability-wcnsswlanwrite-cve-2016-5342 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer. sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c en el controlador de audio MSM QDSP6 para el kernel de Linux 3.x, como se usa en contribuciones Qualcomm Innovation Center (QuIC) Android para dispositivos MSM y otros productos, permite a atacantes provocar una denegación de servicio (escritura fuera de límites y corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una aplicación manipulada que hace una llamada ioctl desencadenando uso incorrecto de un puntero de parámetros. • http://www.securityfocus.com/bid/92376 https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88 https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve • CWE-787: Out-of-bounds Write •