Page 504 of 2699 results (0.018 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. arch/x86/kvm/emulate.c en el kernel de Linux hasta la versión 4.9.3 permite a usuarios locales obtener información sensible de memoria del kernel o provocar una denegación de servicio (uso después de liberación de memoria) a través de una aplicación manipulada que aprovecha la emulación de instrucciones para fxrstor, fxsave, sgdt y sidt. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/01/13/7 http://www.securityfocus.com/bid/95430 http://www.securitytracker.com/id/1037603 https://bugzilla.redhat.com/show_bug.cgi?id=1413001 https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d https://usn.ubuntu.com/3754-1 https://access.redhat.com/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. • http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.securityfocus.com/bid/94708 https://access.redhat.com/errata/RHSA-2017:0869 https://access.redhat.com/errata/RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2931 https://source.android.com/security/bulletin/2016-12-01.html https://support.f5.com/csp/article/K23030550?utm_source=f5support&amp%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2016-8399 https://bugzilla.redhat.com/show_bug.cgi? • CWE-20: Improper Input Validation CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. La función ring_buffer_resize en kernel/trace/ring_buffer.c en el subsistema de creación de perfiles del kernel de Linux en versiones anteriores a 4.6.1 no maneja adecuadamente ciertos cálculos de entero, lo que permite a usuarios locales obtener privilegios escribiendo en el archivo /sys/kernel/debug/tracing/buffer_size_kb. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1 http://www.securityfocus.com/bid/95278 https://github.com/torvalds/linux/commit/59643d1535eb220668692a5359de22545af579f6 https://source.android.com/security/bulletin/2017-01-01.html • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. La implementación sg en el kernel Linux hasta la versión 4.9 no restringe correctamente operaciones de escritura en situaciones donde la opción KERNEL_DS está activa, lo que permite a usuarios locales leer o escribir a ubicacioes arbitrarias de memoria de kernel o provocar una denegación de servicio (uso despues de liberación) aprovechando el acceso al dispositivo /dev/sg, relacionado con block/bsg.c y drivers/scsi/sg.c. NOTA: esta vulnerabilidad existe debido a una reparación incompleta de CVE-2016-9576. It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835 http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.openwall.com/lists/oss-security/2016/12/30/1 http://www.securityfocus.com/bid/95169 http://www.securitytracker.com/id/1037538 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://github.com/torvalds/linux • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. arch/x86/kvm/vmx.c en el kernek de Linux hasta la versión 4.9 no gestiona adecuadamente las excepciones #BP y #OF, lo que permite a usuarios del SO invitados provocar una denegación de servicio (caída del SO invitado) declinando el manejo de una excepción lanzada por un invitado L2. Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef85b67385436ddc1998f45f1d6a210f935b3388 http://www.debian.org/security/2017/dsa-3804 http://www.openwall.com/lists/oss-security/2016/12/15/3 http://www.securityfocus.com/bid/94933 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://bugzilla.redhat.com/show_bug.cgi?id=1404924 https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388 https:/&#x • CWE-248: Uncaught Exception CWE-388: 7PK - Errors •