Page 470 of 2784 results (0.023 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. La función atl2_probe en drivers/net/ethernet/atheros/atlx/atl2.c en el kernel de Linux hasta la versión 4.5.2 activa incorrectamente scatter/gather I/O, lo que permite a atacantes remotos obtener información sensible de la memoria del kernel leyendo datos de paquete. It was discovered that the atl2_probe() function in the Atheros L2 Ethernet driver in the Linux kernel incorrectly enabled scatter/gather I/O. A remote attacker could use this flaw to obtain potentially sensitive information from the kernel memory. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8 http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.debian.org/security/2016/dsa-3607 http://www.openwall.com/lists/oss-security/2016/03/16/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.secu • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 0

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. Múltiples condiciones de carrera en la implementación del sistema de archivos ext4 en el kernel de Linux en versiones anteriores a 4.5 permite a usuarios locales provocar una denegación de servicio (corrupción de disco) escribiendo a una página que está asociada con un archivo de usuario diferente después del manejo de hole punching desincronizado y de fallo de página. A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b http://www.openwall.com/lists/oss-security/2016/04/01/4 http://www.securityfocus.com/bid/85798 http://www.securitytracker.com/id/1035455 http://www.ubuntu.com/usn/USN-3005-1 http://www.ubuntu.com/usn/USN-3006-1 http://www.ubuntu.com/usn/USN-3007-1 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https:& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. El módulo aufs para el kernel de Linux 3.x y 4.x no restringe correctamente el espacio de nombres de montaje, lo que permite a usuarios locales obtener privilegos montando un sistema de archivos aufs sobre un sistema de archivos FUSE y luego ejecutando un programa setuid manipulado. AUFS (Ubuntu 15.10) suffers from an allow_userns fuse/xattr user namespaces privilege escalation vulnerability. • https://www.exploit-db.com/exploits/41761 http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces http://www.openwall.com/lists/oss-security/2016/02/24/9 http://www.openwall.com/lists/oss-security/2021/10/18/1 http://www.securityfocus.com/bid/96839 https://sourceforge.net/p/aufs/mailman/message/34864744 • CWE-269: Improper Privilege Management •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. La implementación de xsave/xrstor en arch/x86/include/asm/xsave.h en el kernel de Linux en versiones anteriores a 3.19.2 crea determinados punteros .altinstr_replacement y consecuentemente no provee ninguna protección contra fallo de instrucciones, lo que permite a usuarios locales provocar una denegación de servicio (pánico) desencadenando un fallo, según lo demostrado por un operando de memoria no alineada o un operando de dirección de memoria no canónico. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.2 http://www.openwall.com/lists/oss-security/2015/03/22/1 https://bugzilla.redhat.com/show_bug.cgi?id=1204729 https://github.com/torvalds/linux/commit/06c8173eb92bbfc03a0fe8bb64315857d0badd06 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. La función netlink_sendmsg en net/netlink/af_netlink.c en el kernel de Linux en versiones anteriores a 3.5.5 no valida el campo dst_pid, lo que permite a usuarios locales tener un impacto no especificado suplantando mensajes Netlink. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef http://marc.info/?l=linux-netdev&m=134522422125983&w=2 http://marc.info/?l=linux-netdev&m=134522422925986&w=2 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5 http://www.openwall.com/lists/oss-security/2015/02/22/10 http://www.securityfocus.com/bid/72739 https://bugzilla.redhat.com/show_bug.cgi?id=848949 https://github.com/torvalds/linux/com • CWE-284: Improper Access Control •