CVE-2017-15115
https://notcve.org/view.php?id=CVE-2017-15115
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. La función sctp_do_peeloff en net/sctp/socket.c en el kernel de Linux en versiones anteriores a la 4.14 no comprueba si el netns planeado se emplea en una acción peel-off, lo que permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del sistema) o, posiblemente, otro impacto sin especificar mediante llamadas del sistema manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://seclists.org/oss-sec/2017/q4/282 http://www.securityfocus.com/bid/101877 https://bugzilla.redhat.com/show_bug.cgi?id=1513345 https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://patchwork.ozlabs.org/patch • CWE-416: Use After Free •
CVE-2017-16643
https://notcve.org/view.php?id=CVE-2017-16643
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. La función parse_hid_report_descriptor en drivers/input/tablet/gtco.c en el kernel de Linux, en versiones anteriores a la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. • http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101769 https://github.com/torvalds/linux/commit/a50829479f58416a013a4ccca791336af3c584c7 https://groups.google.com/d/msg/syzkaller/McWFcOsA47Y/3bjtBBgaBAAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1 • CWE-125: Out-of-bounds Read •
CVE-2017-16648 – kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c
https://notcve.org/view.php?id=CVE-2017-16648
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. La función dvb_frontend_free en drivers/media/dvb-core/dvb_frontend.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. NOTA: la función fue posteriormente renombrada como __dvb_frontend_free. The dvb frontend management subsystem in the Linux kernel contains a use-after-free which can allow a malicious user to write to memory that may be assigned to another kernel structure. • http://www.securityfocus.com/bid/101758 https://access.redhat.com/errata/RHSA-2018:2948 https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ https://patchwork.kernel.org/patch/10046189 https://access.redhat.com/security/cve/CVE-2017-16648 https://bugzilla.redhat.com/show_bug.cgi?id=1516257 • CWE-416: Use After Free •
CVE-2017-16644
https://notcve.org/view.php?id=CVE-2017-16644
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. La función hdpvr_probe en drivers/media/usb/hdpvr/hdpvr-core.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (gestión incorrecta de errores y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. • http://www.securityfocus.com/bid/101842 https://groups.google.com/d/msg/syzkaller/ngC5SLvxPm4/gduhCARhAwAJ https://patchwork.kernel.org/patch/9966135 https://usn.ubuntu.com/3754-1 https://www.debian.org/security/2017/dsa-4073 • CWE-388: 7PK - Errors •
CVE-2017-15306 – Kernel: KVM: oops when checking KVM_CAP_PPC_HTM on PPC platform
https://notcve.org/view.php?id=CVE-2017-15306
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. La función kvm_vm_ioctl_check_extension en arch/powerpc/kvm/powerpc.c en el kernel de Linux, en versiones anteriores a la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) mediante una llamada ioctl KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM a /dev/kvm. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c18c01745bbd3c47a36b124e5fd8c0 http://openwall.com/lists/oss-security/2017/11/06/6 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101693 https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0 https://access.redhat.com/security/cve/CVE-2017-15306 https://bugzilla.redhat.com/show_bug.cgi?id=1510399 • CWE-476: NULL Pointer Dereference •