CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0331
https://notcve.org/view.php?id=CVE-2017-0331
02 May 2017 — An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.6EPSS: 0%CPEs: 11EXPL: 0CVE-2014-9940 – Ubuntu Security Notice USN-3343-2
https://notcve.org/view.php?id=CVE-2014-9940
02 May 2017 — The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. La función regulator_ena_gpio_free en drivers/regulator/core.c en el kernel de Linux anterior a la versión 3.19 permite a usuarios locales elevar sus privilegios o provocar una denegación de servicio (uso después de liberación) a través de una aplicación especialmente diseñada para aprovechar el fallo. ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba • CWE-416: Use After Free •
CVSS: 10.0EPSS: 88%CPEs: 8EXPL: 0CVE-2017-7895 – kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests
https://notcve.org/view.php?id=CVE-2017-7895
28 Apr 2017 — The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. Las implementaciones de los servidores NFSv2 y NFSv3 en versiones del kernel de Linux 4.10.13 y anteriores, no realizan ciertas comprobaciones de la parte final de un búfer lo que permitiría a atacantes rem... • http://www.debian.org/security/2017/dsa-3886 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7477 – kernel: net: Heap overflow in skb_to_sgvec in macsec.c
https://notcve.org/view.php?id=CVE-2017-7477
25 Apr 2017 — Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. Un desbordamiento de buffer basado en memoria dinámica en drivers/net/macsec.c del módulo MACsec en el kernel del Linux hasta la versión 4.10.12, permitiría a los ataca... • http://www.securityfocus.com/bid/98014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 64EXPL: 0CVE-2017-8106
https://notcve.org/view.php?id=CVE-2017-8106
24 Apr 2017 — The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer. La función handle_invept de arch/x86/kvm/vmx.c del Kernel de Linux, versiones 3.12 a 3.15, permite a los usuarios privilegiados del sistema operativo huésped de KVM causar una denegación de servicio (referencia a puntero nulo y caída del sistema ope... • https://bugzilla.kernel.org/show_bug.cgi?id=195167 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6761
https://notcve.org/view.php?id=CVE-2007-6761
24 Apr 2017 — drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. drivers/media/video/videobuf-vmalloc.c en el kernel de Linux en versiones anteriores a 2.6.24 no inicializa las estructuras de datos videobuf_mapping, lo que permite a usuarios locales desencadenar un valor de recuento incorrecto y una... • http://www.linuxgrill.com/anonymous/kernel/v2.6/ChangeLog-2.6.24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5321
https://notcve.org/view.php?id=CVE-2010-5321
24 Apr 2017 — Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsiste... • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5329
https://notcve.org/view.php?id=CVE-2010-5329
24 Apr 2017 — The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value. La función video_usercopy en drivers/media/video/v4l2-ioctl.c en el kernel de Linux en versiones anteriores a 2.6.39 se basa en el valor de conteo de una estructura de datos v4l2_ext_controls para determinar un tamaño de k... • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8063 – Ubuntu Security Notice USN-3314-1
https://notcve.org/view.php?id=CVE-2017-8063
23 Apr 2017 — drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. drivers/media/usb/dvb-usb/cxusb.c en el kernel de Linux 4.9.x y 4.10.x en versiones anteriores a 4.10.12 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, que permite a usuarios... • http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.12 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-8071
https://notcve.org/view.php?id=CVE-2017-8071
23 Apr 2017 — drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors. drivers/hid/hid-cp2112.c en el kernel de Linux 4.9.x en versiones anteriores a 4.9.9 utiliza un spinlock sin considerar que es posible el sleeping en una solicitud de devolución de llamada en HID USB, lo que permite a los usuarios locales provocar una denegación de... • http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9 • CWE-404: Improper Resource Shutdown or Release •