CVE-2017-16649
https://notcve.org/view.php?id=CVE-2017-16649
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. La función usbnet_generic_cdc_bind en drivers/net/usb/cdc_ether.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (error de división por cero y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. • http://www.securityfocus.com/bid/101761 https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://patchwork.ozlabs.org/patch/834771 https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3822-1 https://usn.ubuntu.com/3822-2 • CWE-369: Divide By Zero •
CVE-2017-16650
https://notcve.org/view.php?id=CVE-2017-16650
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. La función qmi_wwan_bind en drivers/net/usb/qmi_wwan.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (error de división por cero y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. • http://www.securityfocus.com/bid/101791 https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ https://patchwork.ozlabs.org/patch/834770 https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3754-1 • CWE-369: Divide By Zero •
CVE-2017-17450
https://notcve.org/view.php?id=CVE-2017-17450
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. net/netfilter/xt_osf.c en el kernel de Linux hasta la versión 4.14.4 no requiere la capacidad CAP_NET_ADMIN para operaciones "add_callback" y "remove_callback", lo que permite que usuarios locales omitan las restricciones de acceso establecidas debido a que la estructura de datos xt_osf_fingers se comparte entre todos los espacios de nombres de la red. • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://www.securityfocus.com/bid/102110 https://lkml.org/lkml/2017/12/5/982 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3632-1 https://www.debian.org/security/2017/dsa-4073 • CWE-862: Missing Authorization •
CVE-2017-18204
https://notcve.org/view.php?id=CVE-2017-18204
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. La función ocfs2_setattr en fs/ocfs2/file.c en el kernel de Linux, en versiones anteriores a la 4.14.2, permite que usuarios locales provoquen una denegación de servicio (deadlock) mediante peticiones DIO. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300 http://www.securityfocus.com/bid/103183 https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300 https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3655-1 https://usn.ubuntu.com/3655-2 https://www.kernel.org/pu •
CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. • http://www.openwall.com/lists/oss-security/2017/12/04/2 http://www.securityfocus.com/bid/102038 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/security/cve/cve-2017-1000407 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •