CVE-2017-17741
https://notcve.org/view.php?id=CVE-2017-17741
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. La implementación KVM en el kernel de Linux hasta la versión 4.14.7 permite que atacantes remotos obtengan información potencialmente sensible de la memoria del kernel. Esto también se conoce como una lectura fuera de límites basada en pila write_mmio y está relacionado con arch/x86/kvm/x86.c e include/trace/events/kvm.h. • http://www.securityfocus.com/bid/102227 https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3620-1 https://usn.ubuntu.com/3620-2 https://usn.ubuntu.com/3632-1 https://www.debian.org/security/2017/dsa-4073 https://www.debian.org/security/2018/dsa-4082 • CWE-125: Out-of-bounds Read •
CVE-2017-17805 – kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17805
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. El algoritmo de cifrado Salsa20 en el kernel de Linux en versiones anteriores a la 4.14.8 no maneja correctamente las entradas de longitud cero, lo que permite a un atacante local capaz de utilizar la interfaz skcipher basada en AF_ALG (CONFIG_CRYPTO_USER_API_SKCIPHER) provocar una denegación de servicio (liberación de memoria no inicializada y fallo del kernel) o provocar otro impacto no especificado ejecutando una secuencia manipulada de llamadas al sistema que utilizan la API blkcipher_walk. Tanto la implementación genérica (crypto/salsa20_generic.c) como la implementación x86 (arch/x86/crypto/salsa20_glue.c) de Salsa20 eran vulnerables. The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://www.securityfocus. • CWE-20: Improper Input Validation •
CVE-2018-5333 – Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-5333
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. En el kernel de Linux hasta la versión 4.14.13, la función rds_cmsg_atomic en net/rds/rdma.c gestiona de manera incorrecta los casos en los que fracasa la asignación de páginas o cuando se proporciona una dirección no válida, lo que conduce a una desreferencia de puntero NULL en rds_atomic_free_op. In the Linux kernel through 4.14.13, the rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic. • https://www.exploit-db.com/exploits/47957 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737 http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html http://www.securityfocus.com/bid/102510 https://access.redhat.com/errata/RHSA-2018:0470 https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https: • CWE-476: NULL Pointer Dereference •
CVE-2018-5344 – kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
https://notcve.org/view.php?id=CVE-2018-5344
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. En el kernel de Linux hasta la versión 4.14.13, drivers/block/loop.c gestiona de manera incorrecta la serialización de lo_release, lo que permite que atacantes provoquen una denegación de servicio (uso de memoria previamente liberada de __lock_acquire) o, posiblemente, otro impacto sin especificar. A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 http://www.securityfocus.com/bid/102503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https://usn.ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2017-7346
https://notcve.org/view.php?id=CVE-2017-7346
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_gb_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión4.10.7 no valida ciertos niveles de datos, lo que permite a usuarios locales provocar una denegación de servicio (colgar sistema) a través de una llamada al archivo ioctl manipulado para un dispositivo /dev/dri/renderD*. • http://marc.info/?l=linux-kernel&m=149086968410117&w=2 http://www.debian.org/security/2017/dsa-3927 http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/97257 https://bugzilla.redhat.com/show_bug.cgi?id=1437431 https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html • CWE-20: Improper Input Validation •