Page 502 of 2811 results (0.022 seconds)

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html http://www.securityfocus.com/bid/106443 https://bugzilla.suse.com/show_bug.cgi?id=1120386 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html https://m • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.18.11. La función ipddp_ioctl en drivers/net/appletalk/ipddp.c permite que los usuarios locales obtengan información sensible del kernel aprovechando CAP_NET_ADMIN para leer los campos dev y next de ipddp_route mediante una llamada IOCTL SIOCFINDIPDDPRT. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9824dfae5741275473a23a7ed5756c7b6efacc9d http://www.securityfocus.com/bid/106347 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.11 https://github.com/torvalds/linux/commit/9824dfae5741275473a23a7ed5756c7b6efacc9d https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lkml.org/lkml/2018/9/27/480 https://usn.ubuntu.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Se ha encontrado un error en el subsistema de archivos NFS41+ del kernel de Linux. • http://www.securityfocus.com/bid/106253 https://access.redhat.com/errata/RHSA-2019:1873 https://access.redhat.com/errata/RHSA-2019:1891 https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0204 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884 https://lists.debian.org/debian-lts • CWE-416: Use After Free •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.19.9. El subsistema USB gestiona de manera incorrecta las comprobaciones de tamaño durante la lectura de un descriptor extra, relacionado con __usb_get_extra_descriptor en drivers/usb/core/usb.c. A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9 https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https:/ • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 1

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. La implementación de userfaultfd en el kernel de Linux en versiones anteriores a la 4.17 gestiona de manera incorrecta para ciertas llamadas ioctl UFFDIO_, tal y como queda demostrado al permitir que usuarios locales escriban datos en huecos en un archivo tmpfs (si el usuario tiene acceso de solo lectura a dicho archivo que contiene huecos). Esto está relacionado con fs/userfaultfd.c y mm/userfaultfd.c. A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0202 https://access.redhat.com/errata/RHSA-2019:0324 https://access.redhat.com/errata/RHSA-2019:0831 https://bugs.chromium.org/p/project-zero/issues/detail?id=1700 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87& • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •