CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2583 – Kernel: Kvm: vmx/svm potential privilege escalation inside guest
https://notcve.org/view.php?id=CVE-2017-2583
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. La implementación de load_segment_descriptor en arc/x86/kvm/emulate.c en el kernel de Linux en versiones anteriores a 4.9.5 emula indebidamente una instrucción "MOV SS, NULL selector", lo que permite a usuarios del SO invitado provocar una denegación de servicio (caída del SO invitado) u obteniendo privilegios de SO invitado a través de una aplicación manipulada. Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3 http://www.debian.org/security/2017/dsa-3791 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 http://www.openwall.com/lists/oss-security/2017/01/19/2 http://www.securityfocus.com/bid/95673 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://bugzilla.redhat.com/show_bug.cgi?id=1414735 https:/ • CWE-250: Execution with Unnecessary Privileges •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5577
https://notcve.org/view.php?id=CVE-2017-5577
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. La función vc4_get_bcl en drivers/gpc/drm/vc4/vc4_gem.c en el controlador VideoCore DRM en el kernel de Linux en versiones anteriores a 4.9.7 no establece un valor errno sobre ciertas detecciones de desbordamiento, lo que permite a usuarios locales provocar una denegación de servicio (referencia incorrecta al puntero y OOPS) a través de valores de tamaño inconsistentes en una llamada ioctl VC4_SUBMIT_CL. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8ac63847bc2f958dd93c09edc941a0118992d9 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7 http://www.openwall.com/lists/oss-security/2017/01/21/7 http://www.securityfocus.com/bid/95765 https://bugzilla.redhat.com/show_bug.cgi?id=1416437 https://github.com/torvalds/linux/commit/6b8ac63847bc2f958dd93c09edc941a0118992d9 https://lkml.org/lkml/2017/1/17/759 • CWE-388: 7PK - Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5549
https://notcve.org/view.php?id=CVE-2017-5549
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. La función klsi_105_get_line_state en drivers/usb/serial/kl5kusb105.c en el kernel de Linux en versiones anteriores a 4.9.5 coloca los contenidos de memoria de pila no inicializados en una entrada de registro sobre un fallo para leer el estado de la línea, lo que permite a usuarios locales obtener información sensible leyendo el registro. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146cc8a17a3b4996f6805ee5c080e7101277c410 http://www.debian.org/security/2017/dsa-3791 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95715 https://bugzilla.redhat.com/show_bug.cgi?id=1416114 https://github.com/torvalds/linux/commit/146cc8a17a3b4996f6805ee5c080e7101277c410 https://usn.ubuntu.com/3754-1 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5550
https://notcve.org/view.php?id=CVE-2017-5550
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. Error por un paso en la función pipe_advance en lib/iov_iter.c en el kernel de Linux en versiones anteriores a 4.9.5 permite a usuarios locales obtener información sensible de posiciones de memoria dinámica no inicializadas en circunstancias oportunistas leyendo desde una tubería después una decisión de liberación de búfer incorrecta. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95716 https://bugzilla.redhat.com/show_bug.cgi?id=1416116 https://github.com/torvalds/linux/commit/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10208 – kernel: EXT4 memory corruption / SLAB out-of-bounds read
https://notcve.org/view.php?id=CVE-2016-10208
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. La función ext4_fill_super en fs/ext4/super.c en el kernel de Linux hasta la versión 4.9.8 no valida correctamente los grupos de bloque meta, lo que permite a atacantes físicamente próximos provocar una denegación de servicio (lectura fuera de límites y caída del sistema) a través de una imagen ext4 manipulada. Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe http://seclists.org/fulldisclosure/2016/Nov/75 http://www.openwall.com/lists/oss-security/2017/02/05/3 http://www.securityfocus.com/bid/94354 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://bugzilla.redhat.com/show_bug.cgi?id=1395190 https://github.com/torvalds&# • CWE-125: Out-of-bounds Read •