Page 460 of 2975 results (0.018 seconds)

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 2

CVE-2015-1805 – kernel: pipe: iovec overrun leading to memory corruption

https://notcve.org/view.php?id=CVE-2015-1805

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." Vulnerabilidad en las implementaciones (1) pipe_read y (2) pipe_write en fs/pipe.c en el kernel de Linux en versiones anteriores a 3.16, no considera correctamente los efectos secundarios de llamadas __copy_to_user_inatomic y __copy_from_user_inatomic fallidas, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios a través de una aplicación manipulada, también conocida como una 'saturación del array del vector I/O'. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • https://github.com/panyu6325/CVE-2015-1805 https://github.com/ireshchaminda1/Android-Privilege-Escalation-Remote-Access-Vulnerability-CVE-2015-1805 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html • CWE-17: DEPRECATED: Code •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-9710

https://notcve.org/view.php?id=CVE-2014-9710

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit. La implementación Btrfs en el kernel de Linux anterior a 3.19 no asegura que el estado xattr visible sea consistente con un remplazo solicitado, lo que permite a usuarios locales evadir las configuraciones ACL y ganar privilegios a través de las operaciones del sistema de ficheros estándares (1) durante una ventana de tiempo de remplazo de xattr, relacionado con una condición de carrera o (2) después de intento de remplazo de xattr que falla porque la fecha no encaja. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html http://www.openwall.com/lists/oss-security/2015/03/24/11 http://www.securitytracker.com/id/1032418 https://bugzilla.redhat.com/show_bug.cgi?id=1205079 https://github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 1.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-2830 – kernel: int80 fork from 64-bit tasks mishandling

https://notcve.org/view.php?id=CVE-2015-2830

arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. arch/x86/kernel/entry_64.S en el kernel de Linux anterior a 3.19.2 no impide que el indicador TS_COMPAT llegue a una tarea de modo de usuario, lo que podría permitir a usuarios locales evadir el mecanismo de protección de seccomp o de auditoria a través de una aplicación manipulada que utiliza la llamada de sistema (1) bifurcada o (2) cerrada, tal y como fue demostrado por un ataque sobre seccomp anterior a 3.16. A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=956421fbb74c3a6261903f3836c0740187cf038b http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1137.html http://rhn.redhat.com/errata/RHSA-2015-1138.html http://rhn.redhat.com/errata/RHSA-2015-1221.html http& • CWE-264: Permissions, Privileges, and Access Controls CWE-393: Return of Wrong Status Code •

CVSS: 3.3EPSS: 1%CPEs: 9EXPL: 2

CVE-2015-2922 – kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.

https://notcve.org/view.php?id=CVE-2015-2922

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La función ndisc_router_discovery en net/ipv6/ndisc.c en la implementación de protocolo Neighbor Discovery (ND) en la pila IPv6 en el kernel de Linux anterior a 3.19.6 permite a atacantes remotos reconfigurar una configuración 'hop-limit' a través de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http:&# • CWE-17: DEPRECATED: Code CWE-454: External Initialization of Trusted Variables or Data Stores •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-9715 – kernel: netfilter connection tracking extensions denial of service

https://notcve.org/view.php?id=CVE-2014-9715

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment. include/net/netfilter/nf_conntrack_extend.h en el subsistema netfilter en el kernel de Linux anterior a 3.14.5 utiliza un tipo de datos insuficientemente grande para ciertos datos de extensión, lo que permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y OOPS) a través de trafico de red saliente que provoca la carga de extensiones, tal y como fue demostrado mediante la configuración de un túnel PPTP en un entorno NAT. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279 http://marc.info/?l=netfilter-devel&m=140112364215200&w=2 http://rhn.redhat.com/errata/RHSA-2015-1534.html http://rhn.redhat.com/errata/RHSA-2015-1564.html http://www.debian.org/security/2015/dsa-3237 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5 http://www.openwall.com/lists/oss-security/2015/04/08/1 http://www.oracle.com/te • CWE-841: Improper Enforcement of Behavioral Workflow •