CVE-2017-16647
https://notcve.org/view.php?id=CVE-2017-16647
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. drivers/net/usb/asix_devices.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. • http://www.securityfocus.com/bid/101767 https://groups.google.com/d/msg/syzkaller/_9a6pd-p_0E/OnmnplQuAgAJ https://patchwork.ozlabs.org/patch/834686 https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 • CWE-476: NULL Pointer Dereference •
CVE-2017-16994 – Linux Kernel - 'mincore()' Uninitialized Kernel Heap Page Disclosure
https://notcve.org/view.php?id=CVE-2017-16994
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. La función walk_hugetlb_range en mm/pagewalk.c en el kernel de Linux en versiones anteriores a la 4.14.2 gestiona de manera incorrecta los agujeros en los rangos hugetlb, lo que permite que usuarios locales obtengan información sensible de la memoria del kernel no inicializada mediante el uso manipulado de la llamada del sistema mincore(). The walk_hugetlb_range() function in 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. • https://www.exploit-db.com/exploits/43178 https://www.exploit-db.com/exploits/44304 https://www.exploit-db.com/exploits/44303 https://github.com/jedai47/CVE-2017-16994 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2 http://www.securityfocus.com/bid/101969 https://access.redhat.com/errata/RHSA-2018:0502 https://bugs.chromium.org/p/project-zero/i • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-5332 – kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation causes heap out-of-bounds write
https://notcve.org/view.php?id=CVE-2018-5332
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). En el kernel de Linux hasta la versión 3.2, la función rds_message_alloc_sgs() no valida un valor empleado durante la asignación de página DMA, lo que conduce a una escritura fuera de límites basada en memoria dinámica (heap), relacionado con la función rds_rdma_extra_size en net/rds/rdma.c In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size() function in 'net/rds/rdma.c') and thus to a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c http://www.securityfocus.com/bid/102507 https://access.redhat.com/errata/RHSA-2018:0470 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3617-1 https://usn. • CWE-787: Out-of-bounds Write •
CVE-2017-16532
https://notcve.org/view.php?id=CVE-2017-16532
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. La función get_endpoints en drivers/usb/misc/usbtest.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. • https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8 https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3754-1 • CWE-476: NULL Pointer Dereference •
CVE-2017-17807 – kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission
https://notcve.org/view.php?id=CVE-2017-17807
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.14.6 omitía una comprobación de control de acceso cuando se agregaba una clave al "llavero de acceso por defecto" de la tarea actual mediante la llamada al sistema request_key(), permitiendo a un usuario local utilizar una secuencia de llamadas de sistema manipuladas para añadir claves a un llavero solo con permiso de búsqueda (no de escritura) a ese llavero. Esto está relacionado con construct_get_dest_keyring() en security/keys/request_key.c. The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b http://www.securityfocus.com/bid/102301 https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3620 • CWE-862: Missing Authorization •