Page 485 of 4392 results (0.020 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). La función rngapi_reset en crypto/rng.c en el kernel de Linux en versiones anteriores a la 4.2 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL). A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://bugzilla.redhat.com/show_bug.cgi?id=1485815 https://bugzilla.redhat.com/show_bug.cgi?id=1514609 https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6 https://access.redhat.com/security/cve/CVE-2017-15116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 2

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. La implementación de políticas de volcado XFRM en net/xfrm/xfrm_user.c en el kernel de Linux en versiones anteriores a la 4.13.11 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante una llamada del sistema a setsockopt con la opción SO_RCVBUF junto con mensajes Netlink XFRM_MSG_GETPOLICY. The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system. • https://www.exploit-db.com/exploits/44049 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://seclists.org/fulldisclosure/2017/Nov/40 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101954 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1355 https:/ • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versiones anteriores a la 4.13.11 gestiona de manera incorrecta la división de nodos, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y pánico) mediante una aplicación manipulada, tal y como demuestra el tipo de clave de conjunto de claves, así como las operaciones de suma de claves y creación de enlaces. A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 http://www.securityfocus.com/bid/101678 https://access.redhat.com/errata/RHSA-2018:0151 https://bugzilla.redhat.com/show_bug.cgi?id=1501215 https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b https://usn.ubuntu.com/3698-1 https://usn.ubuntu.com/3698-2 https://access.redhat.com/secu • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. Las funciones bio_map_user_iov y bio_unmap_user en block/bio.c en el kernel de Linux en versiones anteriores a la 4.13.8 realizan un refcount no equilibrado cuando un vector SCSI I/O tiene búferes pequeños consecutivos que pertenecen a la misma página. La función bio_add_pc_page los combina en uno solo, pero la referencia de la página nunca se anula. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467 http://seclists.org/oss-sec/2017/q4/52 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 http://www.securityfocus.com/bid/101911 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat&# • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. La función tower_probe en drivers/usb/misc/legousbtower.c en el kernel de Linux en versiones anteriores a la 4.8.1 permite que usuarios locales (que estén tan cerca físicamente como para insertar un dispositivo USB manipulado) obtengan privilegios aprovechando una condición de write-what-where que ocurre tras una condición de carrera y una desreferencia de puntero NULL • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2fae9e5a7babada041e2e161699ade2447a01989 http://seclists.org/oss-sec/2017/q4/238 http://www.securityfocus.com/bid/101790 https://bugzilla.redhat.com/show_bug.cgi?id=1505905 https://github.com/torvalds/linux/commit/2fae9e5a7babada041e2e161699ade2447a01989 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-476: NULL Pointer Dereference •