Page 487 of 2653 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. La función ip_cmsg_recv_checksum en net/ipv4/ip_sockglue.c en el kernel de Linux en versiones anteriores a 4.10.1 tiene expectativas incorrectas sobre la disposición de datos skb, lo que permite a usuarios locales provocar una denegación de servicio (sobre lectura de búfer) o la posibilidad de tener otro impacto no especificado a través de llamadas al sistema manipulado, como lo demuestra el uso de indicadores MSG_MORE en conjunción con la trasmisión del bucle de retorno UDP. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1 http://www.openwall.com/lists/oss-security/2017/02/28/5 http://www.securityfocus.com/bid/96487 https://bugzilla.redhat.com/show_bug.cgi?id=1427984 https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. La función do_shmat en ipc/shm.c en el kernel de Linux hasta la versión 4.9.12 no restringe la dirección calculada por cierta operación de redondeo, lo que permite a usuarios locales asignar la página cero, y como consecuencia, eludir un mecanismo de protección que existe por la llamada de sistema mmap, haciendo llamadas a sistema shmget y shmat manipuladas en un contexto privilegiado. • http://www.debian.org/security/2017/dsa-3804 http://www.securityfocus.com/bid/96754 http://www.securitytracker.com/id/1037918 https://bugzilla.kernel.org/show_bug.cgi?id=192931 https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8 https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 •

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. Se ha encontrado un fallo en el manejo del kernel de Linux para borrar los atributos SELinux de los ficheros /proc/pid/attr en versiones anteriores a la 4.9.10. Una escritura vacía (null) en este archivo puede cerrar de manera inesperada el sistema haciendo que el sistema intente acceder a la memoria no mapeada del kernel. A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. • http://www.securityfocus.com/bid/96272 https://access.redhat.com/errata/RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0933 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125 https://marc.info/?l=selinux&m=148588165923772&w=2 https://www.debian.org/security/2017/dsa-3791 https://access.redhat. • CWE-193: Off-by-one Error CWE-682: Incorrect Calculation •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. La función ip6gre_err en net/ipv6/ip6_gre.c en el kernel de Linux permite a atacantes remotos tener impacto no especificado a través de vectores involucrando indicadores GRE flags en un paquete IPv6, que desencadenan un acceso fuera de los límites. • http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/02/07/2 http://www.securityfocus.com/bid/96037 http://www.securitytracker.com/id/1037794 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756 https://source.android.com/security/bulletin/2017-09-01 https://usn.ubuntu.com/3754-1 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0

The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. La función tcp_splice_read en net/ipv4/tcp.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y bloqueo débil) a través de vectores que involucran un paquete TCP con la bandera URG. A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82 http://www.debian.org/security/2017/dsa-3804 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 http://www.securityfocus.com/bid/96421 http://www.securitytracker.com/id/1037897 https://access.redhat.com/errata/RHSA-2017:1372 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://access.redhat.com/errata& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •