CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones anteriores a la 4.14.8 no valida que el algoritmo de hash criptográfico subyacente no tenga clave, lo que permite que un atacante local capaz de utilizar la interfaz hash basada en AF_ALG (CONFIG_CRYPTO_USER_API_HASH) y el algoritmo hash basado en SHA-3 (CONFIG_CRYPTO_SHA3) provoque un desbordamiento de búfer de pila de kernel ejecutando una secuencia manipulada de llamadas al sistema para encontrar una inicialización SHA-3 ausente. The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://www.securityfocus. • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7346
https://notcve.org/view.php?id=CVE-2017-7346
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_gb_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión4.10.7 no valida ciertos niveles de datos, lo que permite a usuarios locales provocar una denegación de servicio (colgar sistema) a través de una llamada al archivo ioctl manipulado para un dispositivo /dev/dri/renderD*. • http://marc.info/?l=linux-kernel&m=149086968410117&w=2 http://www.debian.org/security/2017/dsa-3927 http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/97257 https://bugzilla.redhat.com/show_bug.cgi?id=1437431 https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 4CVE-2017-7308 – Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7308
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. La función packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versión 4.10.6, no comprueba apropiadamente ciertos datos de tamaño de bloque, lo que permite a los usuarios locales causar una denegación de servicio (error de firma de enteros y escritura fuera de límites), y alcanzar privilegios (si se mantiene la capacidad CAP_NET_RAW), por medio de llamadas de sistema diseñadas. It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation. • https://www.exploit-db.com/exploits/44654 https://www.exploit-db.com/exploits/41994 https://www.exploit-db.com/exploits/47168 https://github.com/anldori/CVE-2017-7308 http://www.securityfocus.com/bid/97234 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://access.redhat.com/errata/RHSA-2018:1854 https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-pa • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7294 – kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
https://notcve.org/view.php?id=CVE-2017-7294
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.6 no valida adicción de ciertos niveles de datos, lo que permite a usuarios locales activar un desbordamiento de entero y lectura de fuera de límites, y provocar una denegación de servicio (bloqueo del sistema o caída) o posiblemente ganar privilegios, a través de una llamada ioctl manipulada para un dispositivo /dev/dri/renderD*. An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://www.securityfocus.com/bid/97177 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://bugzilla.redhat.com/show_bug.cgi?id=1436798 https://lists.freedesktop.org/archives/dri-devel/2017-March/137094.html https://access.redhat.com/security/cve/CVE-2017-7294 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7277
https://notcve.org/view.php?id=CVE-2017-7277
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. La pila TCP en el kernel de Linux hasta la versión 4.10.6 no maneja adecuadamente la funcionalidad SCM_TIMESTAMPING_OPT_STATS, lo que permite a usuarios locales obtener información sensible de la estructuras internas de datos del socket del kernel o provocar una denegación de servicio (lectura fuera de límites) a través de llamadas al sistema manipuladas, relacionado con net/core/skbuff.c y net/socket.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc http://www.securityfocus.com/bid/97141 https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc https://lkml.org/lkml/2017/3/15/485 https://patchwork.ozlabs.org/patch/740636 https://patchwor • CWE-125: Out-of-bounds Read •