CVE-2017-18203 – kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
https://notcve.org/view.php?id=CVE-2017-18203
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. La función dm_get_from_kobject en drivers/md/dm.c en el kernel de Linux, en versiones anteriores a la 4.14.3, permite que usuarios locales provoquen una denegación de servicio (bug) aprovechando una condición de carrera en __dm_destroy durante la creación y eliminación de dispositivos DM. The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed http://www.securityfocus.com/bid/103184 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2019:4154 https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https: • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •
CVE-2017-18202 – kernel: Infoleak/use-after-free in __oom_reap_task_mm function in mm/oom_kill.c
https://notcve.org/view.php?id=CVE-2017-18202
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. La función __oom_reap_task_mm en mm/oom_kill.c en el kernel de Linux, en versiones anteriores a la 4.14.4, gestiona de manera incorrecta las operaciones de recopilación. Esto permite que los atacantes provoquen una denegación de servicio (filtrado de entrada TLB o uso de memoria previamente liberada) u otro tipo de impacto sin especificar desencadenando una llamada copy_to_user en un periodo de tiempo determinado. The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel, before 4.14.4, mishandles gather operations. This allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=687cb0884a714ff484d038e9190edc874edcf146 http://www.securityfocus.com/bid/103161 https://access.redhat.com/errata/RHSA-2018:2772 https://github.com/torvalds/linux/commit/687cb0884a714ff484d038e9190edc874edcf146 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4 https://access.redhat.com/security/cve/CVE-2017-18202 https://bugzilla.redhat.com/show_bug.cgi?id=1549621 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2018-7492
https://notcve.org/view.php?id=CVE-2018-7492
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. Se ha encontrado una desreferencia de puntero NULL en la función net/rds/rdma.c __rds_rdma_map() en el kernel de Linux, en versiones anteriores a la 4.14.7, que permite que atacantes locales provoquen un error en el sistema y una denegación de servicio (DoS). Esto se relaciona con RDS_GET_MR y RDS_GET_MR_FOR_DEST. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca http://www.securityfocus.com/bid/103185 https://bugzilla.redhat.com/show_bug.cgi?id=1527393 https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://patchwork.kernel.org/patch/10096441 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3674-1 https • CWE-476: NULL Pointer Dereference •
CVE-2017-18200
https://notcve.org/view.php?id=CVE-2017-18200
The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. La implementación f2fs en el kernel de Linux, en versiones anteriores a la 4.14, gestiona erróneamente las cuentas asociadas a las llamadas f2fs_wait_discard_bios. Esto permite que usuarios locales provoquen una denegación de servicio (bug), tal y como demuestra fstrim. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4 https://github.com/torvalds/linux/commit/638164a2718f337ea224b747cf5977ef143166a4 • CWE-20: Improper Input Validation •
CVE-2018-7480
https://notcve.org/view.php?id=CVE-2018-7480
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. La función blkcg_init_queue en block/blk-cgroup.c en el kernel de Linux, en versiones anteriores a la 4.11, permite que los usuarios locales provoquen una denegación de servicio (doble liberación) o, posiblemente, causen otros impactos no especificados desencadenando un fallo de creación. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258 https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258 https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https://usn.ubuntu.com/3656-1 https://www.debian.org/security/2018/dsa-4188 • CWE-415: Double Free •