Page 470 of 2662 results (0.021 seconds)

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. sound/usb/mixer.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada snd_usb_mixer_interrupt y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. • https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4 https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1 • CWE-416: Use After Free •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. La función cx231xx_usb_probe en drivers/media/usb/cx231xx/cx231xx-cards.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. • https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://patchwork.kernel.org/patch/9963527 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3754-1 • CWE-476: NULL Pointer Dereference •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). drivers/media/usb/dvb-usb-v2/lmedm04.c en el kernel de Linux hasta la versión 4.13.10 permite que los usuarios locales provoquen una denegación de servicio (fallo de protección general y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. Esto está relacionado con la falta de una comprobación de arranque en caliente y una sincronización incorrecta de attach (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ https://patchwork.linuxtv.org/patch/44566 https://patchwork.linuxtv.org/patch/44567 https://usn.ubuntu.com/3631-1 https://usn.ubuntu.com/3631-2 https://usn.ubuntu.com/3754-1 https://www.debian.org/security/2017/dsa-4073 https://www.debian.org/security/2018/dsa-4082 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0

The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. La función usb_serial_console_disconnect en drivers/usb/serial/console.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. Esto está relacionado con desconexión y fallo de instalación. • http://www.securityfocus.com/bid/102028 https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047 https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787 https://groups.google.com/d/msg/syzkaller/cMACrmo1x0k/4KhRoUgABAAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a una gestión incorrecta de las estructuras de datos packet_fanout. Esto se debe a una condición de carrera (que afecta a fanout_add y packet_do_bind) que da lugar a un uso de memoria previamente liberada. Esta vulnerabilidad es diferente de CVE-2017-6346. It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. • https://www.exploit-db.com/exploits/44053 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e http://patchwork.ozlabs.org/patch/813945 http://patchwork.ozlabs.org/patch/818726 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6 http://www.securityfocus.com/bid/101573 https://access.redhat.com/errata/RHSA- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •