Page 463 of 2604 results (0.020 seconds)

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1

CVE-2014-6410 – kernel: udf: Avoid infinite loop when processing indirect ICBs

https://notcve.org/view.php?id=CVE-2014-6410

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. La función __udf_read_inode en fs/udf/inode.c en el kernel de Linux hasta 3.16.3 no restringe la cantidad de indirección ICB, lo que permite a atacantes físicamente próximos causar una denegación de servicio (bucle infinito o consumo de la pila) a través de un sistema de ficheros UDF con un inodo manipulado. A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c03aa9f6e1f938618e6db2e23afef0574efeeb65 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://marc.info/?l=bugtraq&m=142722450701342&w=2 http://marc.info/?l=bugtraq&m=142722544401658&w=2 http://rhn.redhat.com/errata/RHSA-2014-1318.html http://www.openwall.com/lists/oss-security/2014/09/15/9 http: • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1

CVE-2014-5472 – kernel: isofs: unbound recursion when processing relocated directories

https://notcve.org/view.php?id=CVE-2014-5472

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux hasta 3.16.1 permite a usuarios locales causar una denegación de servicio (un proceso de montaje imparable) a través de un imagen iso9660 manipulado con una entrada CL de auto referencia. It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.in • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1

CVE-2014-3601 – kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()

https://notcve.org/view.php?id=CVE-2014-3601

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. La función kvm_iommu_map_pages en virt/kvm/iommu.c en el kernel de Linux hasta 3.16.1 calcula erróneamente el número de las páginas durante el manejo de un fallo en las asignaciones, lo que permite a usuarios del sistema operativo invitado (1) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) o posiblemente tener otro impacto no especificado mediante la provocación de un valor gfn grande o (2) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) mediante la provocación de un valor gfn pequeño que conduce a páginas fijadas (pinned) permanentemente. A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://secunia.com/advisories/60830 http://www.securityfocus.com/bid/69489 http://www.ubuntu.com/usn/USN-2356-1 http://www.ubuntu.com/usn/USN-2357&# • CWE-189: Numeric Errors •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1

CVE-2014-5471 – kernel: isofs: unbound recursion when processing relocated directories

https://notcve.org/view.php?id=CVE-2014-5471

Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. Vulnerabilidad de consumo de pila en la función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux hasta 3.16.1 permite a usuarios locales causar una denegación de servicio (recursividad sin control y caída o reinicio del sistema) a través de un imagen iso9660 manipulado con una entrada CL que se refiere a una entrada del directorio que tiene una entrada CL. It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.in • CWE-399: Resource Management Errors •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 3

CVE-2014-5207 – Linux Kernel < 3.16.1 - 'Remount FUSE' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2014-5207

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. fs/namespace.c en el kernel de Linux hasta 3.16.1 no restringe debidamente la limpieza MNT_NODEV, MNT_NOSUID, y MNT_NOEXEC y el cambio MNT_ATIME_MASK durante un remontaje de un montaje bind, lo que permite a usuarios locales ganar privilegios, interferir con copias de seguridad y auditoria en sistemas que tenían atime habilitado, o causar una denegación de servicio (la actualización excesiva de sistemas de ficheros) en sistemas que tenían atime deshabilitado a través de un comando 'mount -o remount' dentro de un espacio para el nombre del usuario. • https://www.exploit-db.com/exploits/34923 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705 http://osvdb.org/show/osvdb/110055 http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html http://seclists.org/oss-sec/2014/q3/352 http://www.exploit-db.com/exploits/34923 http://www.openwall.com/lists/oss-security/2014/08/13/4 http://www.securityfocus.com/bid/69216 http:/& • CWE-269: Improper Privilege Management •