CVSS: 2.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0131
https://notcve.org/view.php?id=CVE-2014-0131
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. Vulnerabilidad de uso después de liberación en la función skb_segment en net/core/skbuff.c en el kernel de Linux hasta 3.13.6 permite a atacantes obtener información sensible de la memoria del kernel mediante el aprovechamiento de la ausencia de cierta operación huérfana. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fd819ecb90cc9b822cd84d3056ddba315d3340f http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://www.openwall.com/lists/oss-security/2014/03/10/4 http://www.spinics.net/lists/netdev/msg274250.html http://www.spinics.net/lists/netdev/msg274316.html https://bugzilla.redhat.com/show_bug.cgi?id=1074589 https:// • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2013-7339 – kernel: net: rds: dereference of a NULL device in rds_ib_laddr_check()
https://notcve.org/view.php?id=CVE-2013-7339
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_ib_laddr_check en net/rds/ib.c en el kernel de Linux anterior a 3.12.8 permite a usuarios locales causar una denegación de servicio (referencia de puntero nulo y caída de sistema) o posiblemente tener otro impacto no especificado a través de una llamada de sistema bind para un socket RDS en un sistema que carece de transportes RDS. A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2349758acf1874e4c2b93fe41d072336f1a31d0 http://secunia.com/advisories/59386 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8 http://www.openwall.com/lists/oss-security/2014/03/20/14 http://www.securityfocus.com/bid/66351 https://bugzilla.redhat.com/show_bug.cgi?id=1079214 https://github.com/torvalds/linux/commit/c2349758acf1874e4c2b93fe41d072336f1a31d0 https://access.redhat.com/security/cve/CVE&# • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 7%CPEs: 6EXPL: 0CVE-2014-2523 – kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
https://notcve.org/view.php?id=CVE-2014-2523
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. net/netfilter/nf_conntrack_proto_dccp.c en el kernel de Linux hasta 3.13.6 utiliza un puntero de cabecera DCCP incorrectamente, lo que permite a atacantes remotos causar una denegación de servicio (caída de sistema) o posiblemente ejecutar código arbitrario a través de un paquete DCCP que provoca una llamada la función (1) dccp_new, (2) dccp_packet o (3) dccp_error. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92 http://secunia.com/advisories/57446 http://twitter.com/grsecurity/statuses/445496197399461888 http://www.openwall.com/lists/oss-security/2014/03/17/7 http://www.securityfocus.com/bid/66279 http://www.securitytracker.com/id/1029945 http://www.ubuntu.com/usn/USN-2173-1 http://www.ubuntu.com/usn/USN-2174-1 https://bugzilla.redhat.com/show_bug.cgi?id=1077343 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 91%CPEs: 35EXPL: 0CVE-2014-0101 – kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
https://notcve.org/view.php?id=CVE-2014-0101
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no valida ciertos campos auth_enable y auth_capable antes de hacer una llamada sctp_sf_authenticate, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de un SCTP handshake con un fragmento INIT modificado y un fragmento AUTH manipulado anterior a un fragmento COOKIE_ECHO. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://rhn.redhat.com/errata/RHSA-2014-0328.html http://rhn.redhat.com/errata/RHSA-2014-0419.html http://rhn.redhat.com/errata/RHSA-2014-0432.html http://secunia.com/advisories/59216 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html http://www.openwall.com/lists/oss-security/2014/03/04/6 http://www.securityfocus.com/bid/65943 h • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0049
https://notcve.org/view.php?id=CVE-2014-0049
Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data. Desbordamiento de buffer en la función complete_emulated_mmio en arch/x86/kvm/x86.c en el kernel de Linux anterior a 3.13.6 permite a usuarios del sistema operativo invitado ejecutar código arbitrario en el sistema operativo anfitrión mediante el aprovechamiento de un bucle que provoca una copia de memoria inválida que afecta a ciertos datos cancel_work_item. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a08d3b3b99efd509133946056531cdf8f3a0c09b http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6 http://www.openwall.com/lists/oss-security/2014/03/03/1 https://bugzilla.redhat.com/show_bug.cgi?id=1062368 https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •