CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 2CVE-2014-2851 – Linux Kernel - 'group_info' refcounter Overflow Memory Corruption
https://notcve.org/view.php?id=CVE-2014-2851
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. Desbordamiento de enteros en la función ping_init_sock en net/ipv4/ping.c en el kernel de Linux hasta 3.14.1 permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída de sistema) o posiblemente ganar privilegios a través de una aplicación manipulada que aprovecha un contador de referencia manejado indebidamente. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • https://www.exploit-db.com/exploits/32926 http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.debian.org/security/2014/dsa-2926 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securityfocus.com/bid/66779 http://www.securitytracker.com/id/1030769 https://bugzilla.redhat.com/show_bug.cgi?id=1086730 https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac https://lkml.org& • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 322EXPL: 0CVE-2013-7348
https://notcve.org/view.php?id=CVE-2013-7348
Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function. Vulnerabilidad de doble liberación en la función ioctx_alloc en fs/aio.c en el kernel de Linux anterior a 3.12.4 permite a usuarios locales causar una denegación de servicio (caída de sistema) o posiblemente otro impacto no especificado a través de vectores involucrando una condición de error en la función aio_setup_ring. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d558023207e008a4476a3b7bb8706b2a2bf5d84f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4 http://www.openwall.com/lists/oss-security/2014/03/31/10 https://github.com/torvalds/linux/commit/d558023207e008a4476a3b7bb8706b2a2bf5d84f • CWE-399: Resource Management Errors •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2014-2678 – kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
https://notcve.org/view.php?id=CVE-2014-2678
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_iw_laddr_check en net/rds/iw.c en el kernel de Linux hasta 3.14 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída de sistema) o posiblemente tener otro impacto no especificado a través de una llamada de sistema bind para un socket RDS en un sistema que carece de transportes RDS. A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. • http://linux.oracle.com/errata/ELSA-2014-0926-1.html http://linux.oracle.com/errata/ELSA-2014-0926.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html http://secunia.com/advisories/59386 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 http://www.openwall.com/lists/oss-security/2014/03/31/10 http://www.securityfocus.com/bid/66543 https://lkml.org/lkml/2014/3/29/188 https://access.redhat.com/security/cve/CV • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2673 – kernel: powerpc: tm: crash when forking inside a transaction
https://notcve.org/view.php?id=CVE-2014-2673
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state. La función arch_dup_task_struct en la implementación Transactional Memory (TM) en arch/powerpc/kernel/process.c en el kernel de Linux anterior a 3.13.7 en la plataforma powerpc no interactúa debidamente con las llamadas de sistema clon y fork, lo que permite a usuarios locales causar una denegación de servicio (comprobación de programa y caída de sistema) a través de ciertas instrucciones que son ejecutadas con el procesador en el estado transaccional. A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=621b5060e823301d0cba4cb52a7ee3491922d291 http://secunia.com/advisories/57436 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 http://www.openwall.com/lists/oss-security/2014/03/30/5 http://www.securityfocus.com/bid/66477 https://exchange.xforce.ibmcloud.com/vulnerabilities/92113 https://github.com/torvalds/linux/commit/621b5060e823301d0cba4cb52a7ee3491922d291 https://www.kernel.org/pub/linux/kernel/ • CWE-20: Improper Input Validation •
CVSS: 2.9EPSS: 0%CPEs: 2EXPL: 1CVE-2014-2568 – kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied
https://notcve.org/view.php?id=CVE-2014-2568
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced. Vulnerabilidad de uso después de liberación en la función nfqnl_zcopy en net/netfilter/nfnetlink_queue_core.c en el kernel de Linux hasta 3.13.6 permite a atacantes obtener información sensible de la memoria del kernel mediante el aprovechamiento de la ausencia de cierta operación huérfana. NOTA: el código afectado fue trasladado a la función skb_zerocopy en net/core/skbuff.c antes de que la vulnerabilidad fue anunciada. • http://seclists.org/oss-sec/2014/q1/627 http://secunia.com/advisories/59599 http://www.openwall.com/lists/oss-security/2014/03/20/16 http://www.securityfocus.com/bid/66348 http://www.ubuntu.com/usn/USN-2240-1 https://bugzilla.redhat.com/show_bug.cgi?id=1079012 https://exchange.xforce.ibmcloud.com/vulnerabilities/91922 https://lkml.org/lkml/2014/3/20/421 https://access.redhat.com/security/cve/CVE-2014-2568 • CWE-416: Use After Free •