CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7261
https://notcve.org/view.php?id=CVE-2017-7261
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.5 no verifica el valor cero de ciertos niveles de datos, lo que permite a los usuarios locales provocar una denegación de servicio (referencia ZERO_SIZE_PTR y GPF y posiblemente pánico) a través de una llamada ioctl manipulada para un dispositivo /dev/dri/renderD*. • http://marc.info/?t=149037004200005&r=1&w=2 http://www.securityfocus.com/bid/97096 https://bugzilla.redhat.com/show_bug.cgi?id=1435719 https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7187 – kernel: scsi: Stack-based buffer overflow in sg_ioctl function
https://notcve.org/view.php?id=CVE-2017-7187
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. La función sg_ioctl en drivers/scsi/sg.c en el kernel de Linux hasta la versión 4.10.4 permite a usuarios locales provocar una denegación de servicio (desbordamiento de búfer basado en pila) o posiblemente tener otro impacto no especificado a través de un gran tamaño de comando en una llamada SG_NEXT_CMD_LEN ioctl, conduciendo a acceso de escritura fuera de límites en la función sg_write. The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. • http://www.securityfocus.com/bid/96989 http://www.securitytracker.com/id/1038086 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://gist.github.com/dvyukov/48ad14e84de45b0be92b7f0eda20ff1b https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.11/scsi-fixes&id=bf33f87dd04c371ea33feb821b60d63d754e3124 https://source.android.com/security/bulletin/pixel/2017-10-01 https:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-7184 – Linux Kernel XFRM Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-7184
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. La función xfrm_replay_verify_len en net/xfrm/xfrm_user.c en el kernel de Linux hasta la versión 4.10.6 no valida ciertos datos de tamaño después de una actualización XFRM_MSG_NEWAE, lo que permite a usuarios locales obtener privilegios de root o provocar una denegación de servicio (acceso fuera de límites basado en memoria dinámica) aprovechando la capacidad CAP_NET_ADMIN, como se demostró durante una competición Pwn2Own en CanSecWest 2017 para el paquete Ubuntu 16.10 linux-image-* 4.8.0.41.52. Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of the Linux Kernel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df http://openwall.com/lists/oss-security/2017/03/29/2 http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition http://www.securityfocus.com/bid/97018 http://www.securitytracker.com/id/1038166 https://access.redhat.com/errata/RHSA-2017:2918 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6951 – kernel: NULL pointer dereference in keyring_search_aux function
https://notcve.org/view.php?id=CVE-2017-6951
The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. La función keyring_search_aux en security/keys/keyring.c en el kernel de Linux hasta la versión 3.14.79 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y OOPS) a través de una llamada al sistema request_key para el tipo "muerte". The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service via a request_key system call for the "dead" key type. • http://www.securityfocus.com/bid/96943 http://www.spinics.net/lists/keyrings/msg01845.html http://www.spinics.net/lists/keyrings/msg01846.html http://www.spinics.net/lists/keyrings/msg01849.html https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://access.redhat.com/security/cve/CVE-2017-6951 https://bugzilla.redhat.com/show_bug.cgi?id=1433252 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8483
https://notcve.org/view.php?id=CVE-2016-8483
An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. • http://www.securityfocus.com/bid/96805 http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01 https://source.android.com/security/bulletin/2017-03-01.html https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •