Page 466 of 2733 results (0.014 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. kernel/bpf/verifier.c en el kernel de Linux hasta la versión 4.14.8 ignora el código inalcanzable, incluso aunque sea procesado por compiladores en tiempo de ejecución o JIT. Este comportamiento, que también se considera un problema de lógica de poda de ramas incorrecta, podría ser utilizado por usuarios locales para provocar una denegación de servicio (DoS). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467 http://www.securityfocus.com/bid/102325 http://www.securitytracker.com/id/1040057 https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/usn/ • CWE-20: Improper Input Validation •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." kernel/bpf/verifier.c en el kernel de Linux hasta la versión 4.14.8 gestiona de manera incorrecta las comparaciones states_equal entre el tipo de datos del puntero y el tipo de datos UNKNOWN_VALUE, lo que permite que usuarios locales obtengan información de direcciones sensible. Esto también se conoce como "pointer leak". • http://www.securityfocus.com/bid/102320 http://www.securitytracker.com/id/1040059 https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=stretch-security&id=ad775f6ff7eebb93eedc2f592bc974260e7757b0 https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch?h=stretch-security https://usn.ubuntu.com/usn/usn-3523-2 https://www.debian.org/security/2017/dsa-4073 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. La función raw_sendmsg() en net/ipv4/raw.c en el kernel de Linux hasta la versión 4.14.6 tiene una condición de carrera en inet->hdrincl que conduce al uso de un puntero de pila no inicializado. Esto permite que un usuario local ejecute código y obtenga privilegios. A flaw was found in the Linux kernel's implementation of raw_sendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of creating raw sockets, can abuse a possible race condition when setting the socket option to allow the kernel to automatically create ip header values and thus potentially escalate their privileges. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483 https://access.redhat.com/errata/RHSA-2018:0502 https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483 https://source.android.com/security/bulletin/pixel/2018-04-01 https://usn.ubuntu.com/3581-1 https://usn.ubuntu.com/3581-2 https://usn.ubuntu.com/3581-3 https://usn.ubuntu.com/3582-1 https://usn.ubuntu.com/3582-2 https://www.debian.org/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. La función usb_destroy_configuration en drivers/usb/core/config.c en el subsistema del núcleo USB en el kernel de Linux hasta la versión 4.14.5 no considera el máximo número de configuraciones e interfaces antes de intentar liberar recursos. Esto permite que usuarios locales provoquen una denegación de servicio (acceso de escritura fuera de límites) o, posiblemente, tengan otro tipo de impacto sin especificar mediante un dispositivo USB manipulado. The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://openwall.com/lists/oss-security/2017/12/12/7 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. • http://seclists.org/oss-sec/2017/q4/357 http://www.securityfocus.com/bid/102101 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://access.redhat.com/errata/RHSA-2018:1319 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •