CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-2618 – kernel: Off-by-one error in selinux_setprocattr (/proc/self/attr/fscreate)
https://notcve.org/view.php?id=CVE-2017-2618
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. Se ha encontrado un fallo en el manejo del kernel de Linux para borrar los atributos SELinux de los ficheros /proc/pid/attr en versiones anteriores a la 4.9.10. Una escritura vacía (null) en este archivo puede cerrar de manera inesperada el sistema haciendo que el sistema intente acceder a la memoria no mapeada del kernel. A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. • http://www.securityfocus.com/bid/96272 https://access.redhat.com/errata/RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0933 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125 https://marc.info/?l=selinux&m=148588165923772&w=2 https://www.debian.org/security/2017/dsa-3791 https://access.redhat. • CWE-193: Off-by-one Error CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2017-6214 – kernel: ipv4/tcp: Infinite loop in tcp_splice_read()
https://notcve.org/view.php?id=CVE-2017-6214
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. La función tcp_splice_read en net/ipv4/tcp.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y bloqueo débil) a través de vectores que involucran un paquete TCP con la bandera URG. A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82 http://www.debian.org/security/2017/dsa-3804 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 http://www.securityfocus.com/bid/96421 http://www.securitytracker.com/id/1037897 https://access.redhat.com/errata/RHSA-2017:1372 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://access.redhat.com/errata& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5986 – kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf
https://notcve.org/view.php?id=CVE-2017-5986
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. Condición de carrera en la función sctp_wait_for_sndbuf en net/sctp/socket.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a usuarios locales provocar una denegación de servicio (fallo de aserción y pánico) a través de una aplicación multihilo que despega una asociación en un cierto estado de búfer completo. It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90 http://www.debian.org/security/2017/dsa-3804 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 http://www.openwall.com/lists/oss-security/2017/02/14/6 http://www.securityfocus.com/bid/96222 https://access.redhat.com/errata/RHSA-2017:1308 https://bugzilla.redhat.com/show_bug.cgi?id=1420276 https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 4CVE-2017-6074 – Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)
https://notcve.org/view.php?id=CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. La función dccp_rcv_state_process en net/dccp/input.c en el kernel de Linux hasta la versión 4.9.11 no maneja adecuadamente estructuras de paquetes de datos DCCP_PKT_REQUEST en el estado LISTEN, lo que permite a usuarios locales obtener privilegios root o provocar una denegación de servicio (liberación doble) a través de una aplicación que hace una llamada de sistema IPV6_RECVPKTINFO setsockopt. A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. • https://www.exploit-db.com/exploits/41457 https://www.exploit-db.com/exploits/41458 https://github.com/toanthang1842002/CVE-2017-6074 https://github.com/BimsaraMalinda/Linux-Kernel-4.4.0-Ubuntu---DCCP-Double-Free-Privilege-Escalation-CVE-2017-6074 http://rhn.redhat.com/errata/RHSA-2017-0293.html http://rhn.redhat.com/errata/RHSA-2017-0294.html http://rhn.redhat.com/errata/RHSA-2017-0295.html http://rhn.redhat.com/errata/RHSA-2017-0316.html http://rhn.redhat.com/err • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 3CVE-2017-5972 – Linux Kernel 3.10.0 (CentOS 7) - Denial of Service
https://notcve.org/view.php?id=CVE-2017-5972
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code. La pila TCP en el kernel de Linux versiones 3.x, no implementa apropiadamente un mecanismo de protección de cookies SYN para el caso de una conexión de red rápida, lo que permite a los atacantes remotos causar una denegación de servicio (consumo de CPU) mediante el envío de muchos paquetes TCP SYN, como es demostrado por un ataque contra el paquete kernel versión 3.10.0 en CentOS Linux versión 7. NOTA: terceros no han podido discernir ninguna relación entre la búsqueda de GitHub Engineering y el código de ataque Trigemini.c. CentOS7 suffers from a kernel crashing denial of service issue triggered by an rsyslog daemon vulnerability. • https://www.exploit-db.com/exploits/41350 http://seclists.org/oss-sec/2017/q1/573 http://www.securityfocus.com/bid/96231 https://access.redhat.com/security/cve/cve-2017-5972 https://bugzilla.redhat.com/show_bug.cgi?id=1422081 https://cxsecurity.com/issue/WLB-2017020112 https://githubengineering.com/syn-flood-mitigation-with-synsanity https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html https://security-tracker.debian.org/tracker/CVE-2017-5972 • CWE-400: Uncontrolled Resource Consumption •