Page 481 of 2995 results (0.014 seconds)

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. mm/shmem.c en el kernel de Linux hasta 3.15.1 no implementa debidamente la interacción entre la notificación del rango y la creación de agujeros, lo que permite a usuarios locales causar una denegación de servicio (apropiación del i_mutex) mediante la llamada de sistema mmap para acceder a un agujero, tal y como fue demostrado mediante la interferencia con la actividad shmem intencionada a través del bloqueo del completado de (1) una llamada MADV_REMOVE madvise o (2) una llamada FALLOC_FL_PUNCH_HOLE fallocate. A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2 http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch http://rhn.redhat.com/errata/RHSA-2014-1318.html http://rhn.redhat.com/errata/RHSA-2015-0102.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http& •

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 1

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. La función media_device_enum_entities en drivers/media/media-device.c en el kernel de Linux anterior a 3.14.6 no inicializa cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel mediante el aprovechamiento del acceso a lectura /dev/media0 para una llamada MEDIA_IOC_ENUM_ENTITIES ioctl. An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes. • https://www.exploit-db.com/exploits/39214 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://secunia.com/advisories/59597 http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. arch/x86/kernel/entry_32.S en el kernel de Linux hasta 3.15.1 en plataformas de 32-bit x86, cuando la auditoria de llamadas de sistema está habilitada y la etiqueta de la funcionalidad de la CPU sep está configurada, permite a usuarios locales causar una denegación de servicio (OOPS y caída del sistema) a través de un número de llamada de sistema inválido, tal y como fue demostrado por el número 1000. A flaw was found in the Linux kernel’s system-call auditing support(CONFIG_AUDITSYSCALL) for 32-bit platforms. It is vulnerable to a crash caused by erroneous handling of bad system call numerals. This issue occurs during syscall(2) calls if system-call auditing is enabled on the system. This flaw allows an unprivileged user or process to crash the system kernel, resulting in a denial of service. • http://article.gmane.org/gmane.linux.kernel/1726110 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://openwall.com/lists/oss-security/2014/06/20/1 http://secunia.com/advisories/58964 http://secunia.com/advisories/60564 http://www.openwall.com/lists/oss-security/2014/06/20/10 http://www.openwall.com&# • CWE-189: Numeric Errors CWE-391: Unchecked Error Condition •

CVSS: 2.3EPSS: 0%CPEs: 35EXPL: 0

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. La función rd_build_device_space en drivers/target/target_core_rd.c en el kernel de Linux anterior a 3.14 no inicializa debidamente cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria ramdisk_mcp mediante el aprovechamiento del acceso a un iniciador SCSI. An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://secunia.com/advisories/59134 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://secunia.com/advisories/61310 http://www.openwall. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1

arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem. arch/mips/include/asm/thread_info.h en el kernel de Linux anterior a 3.14.8 en la plataforma MIPS no configura comprobaciones _TIF_SECCOMP en la ruta rápida de llamadas del sistema, lo que permite a usuarios locales evadir restricciones PR_SET_SECCOMP mediante la ejecución de una aplicación manipulada sin la invocación de una traza o un subsistema de auditoria. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=137f7df8cead00688524c82360930845396b8a21 http://openwall.com/lists/oss-security/2014/06/16/1 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8 http://www.openwall.com/lists/oss-security/2014/06/17/17 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751417 https://github.com/torvalds/linux/commit/137f7df8cead00688524c82360930845396b8a21 • CWE-264: Permissions, Privileges, and Access Controls •