CVE-2017-5972 – Linux Kernel 3.10.0 (CentOS 7) - Denial of Service
https://notcve.org/view.php?id=CVE-2017-5972
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code. The accompanying exploit listing describes it differently, as a kernel-crashing denial of service in CentOS 7 triggered by an rsyslog daemon vulnerability. • https://www.exploit-db.com/exploits/41350 http://seclists.org/oss-sec/2017/q1/573 http://www.securityfocus.com/bid/96231 https://access.redhat.com/security/cve/cve-2017-5972 https://bugzilla.redhat.com/show_bug.cgi?id=1422081 https://cxsecurity.com/issue/WLB-2017020112 https://githubengineering.com/syn-flood-mitigation-with-synsanity https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html https://security-tracker.debian.org/tracker/CVE-2017-5972 • CWE-400: Uncontrolled Resource Consumption •
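The practical question behind this entry is whether a host is relying on SYN cookies at all and whether its SYN queue is already overflowing under load. The following C program is an added example, not code from the CVE entry or from any of the referenced projects: it reads net.ipv4.tcp_syncookies and the TcpExt counters TCPReqQFullDoCookies (queue full, cookie sent) and TCPReqQFullDrop (queue full, SYN dropped) from /proc/net/netstat. The sysctl and counter names are the real Linux names; the verdict codes and the embedded sample netstat text are our own constructions.

```c
/* Added example, not part of the CVE entry: check whether a Linux host runs
 * with SYN cookies enabled and whether its SYN queue is overflowing.
 * Sysctl and counter names (net.ipv4.tcp_syncookies, TCPReqQFullDoCookies,
 * TCPReqQFullDrop) are real Linux names; verdict codes are ours. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct synq_stats {
    long do_cookies;  /* TCPReqQFullDoCookies: queue full, SYN cookie sent */
    long drops;       /* TCPReqQFullDrop: queue full, SYN silently dropped */
    int found;        /* 1 when both counters were present in the input */
};

/* Constructed sample of the two TcpExt lines as /proc/net/netstat prints them. */
static const char sample_netstat[] =
    "TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts "
    "TCPReqQFullDoCookies TCPReqQFullDrop\n"
    "TcpExt: 1200 300 7 0 1200 0\n"
    "IpExt: InNoRoutes InTruncatedPkts\n"
    "IpExt: 0 0\n";

/* Copy the next whitespace-delimited token of the current line into buf.
 * Stops at end of line so header and value lines are walked separately. */
static int next_token(const char **p, char *buf, size_t n)
{
    const char *s = *p;
    size_t i = 0;
    while (*s == ' ' || *s == '\t') s++;
    if (*s == '\0' || *s == '\n') { *p = s; return 0; }
    while (*s && *s != ' ' && *s != '\t' && *s != '\n') {
        if (i + 1 < n) buf[i++] = *s;
        s++;
    }
    buf[i] = '\0';
    *p = s;
    return 1;
}

/* /proc/net/netstat holds a "TcpExt:" header line naming the counters and a
 * second "TcpExt:" line with the values in the same order; walk both in lockstep. */
struct synq_stats parse_tcpext(const char *text)
{
    struct synq_stats st = {0, 0, 0};
    char name[64], num[32];
    int got = 0;
    const char *hdr = strstr(text, "TcpExt:");
    if (!hdr) return st;
    const char *nl = strchr(hdr, '\n');
    if (!nl) return st;
    const char *val = strstr(nl, "TcpExt:");
    if (!val) return st;
    hdr += 7;   /* skip the "TcpExt:" prefix on both lines */
    val += 7;
    while (next_token(&hdr, name, sizeof name) && next_token(&val, num, sizeof num)) {
        if (strcmp(name, "TCPReqQFullDoCookies") == 0) { st.do_cookies = strtol(num, NULL, 10); got |= 1; }
        else if (strcmp(name, "TCPReqQFullDrop") == 0)  { st.drops = strtol(num, NULL, 10); got |= 2; }
    }
    st.found = (got == 3);
    return st;
}

/* -1: counters missing. 0: healthy. 1: listeners are losing SYNs.
 * 2: SYN queue overflowing but cookies are carrying the load; under a fast
 *    flood this is the CPU-bound regime the CVE describes, so watch load.
 * 3: no overflow seen, but SYN cookies are disabled. */
int synq_verdict(int syncookies, struct synq_stats st)
{
    if (!st.found) return -1;
    if (st.drops > 0) return 1;
    if (st.do_cookies > 0) return 2;
    return syncookies ? 0 : 3;
}

static long read_file(const char *path, char *buf, size_t n)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t len = fread(buf, 1, n - 1, f);
    fclose(f);
    buf[len] = '\0';
    return (long)len;
}

int main(void)
{
    static char netstat[65536];
    char sc[16];
    int syncookies = -1;
    if (read_file("/proc/sys/net/ipv4/tcp_syncookies", sc, sizeof sc) > 0)
        syncookies = atoi(sc);
    /* Fall back to the constructed sample when not running on Linux. */
    const char *src = read_file("/proc/net/netstat", netstat, sizeof netstat) > 0 ? netstat : sample_netstat;
    struct synq_stats st = parse_tcpext(src);
    printf("tcp_syncookies=%d TCPReqQFullDoCookies=%ld TCPReqQFullDrop=%ld verdict=%d\n",
           syncookies, st.do_cookies, st.drops, synq_verdict(syncookies, st));
    return 0;
}
```

Run it twice a few seconds apart under suspected flood: a rising TCPReqQFullDoCookies with flat TCPReqQFullDrop means cookies are doing their job and the cost has moved to CPU, which is the failure mode this entry is about.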
CVE-2017-5967
https://notcve.org/view.php?id=CVE-2017-5967
The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. • http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1 http://www.securityfocus.com/bid/96271 https://bugzilla.kernel.org/show_bug.cgi?id=193921 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
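With CONFIG_TIMER_STATS set, print_timer() ends each hrtimer line in /proc/timer_list with the starting task's comm and PID, and that PID is the init-namespace value. The following C program is an added example, not kernel code or code from the entry: it parses that trailing "comm/pid" field and flags any PID that is not present under /proc in the caller's own PID namespace, which is how the leak shows up from inside a container. The timer lines used in the tests are constructed to follow print_timer's output format.

```c
/* Added example, not from the CVE entry: parse the "comm/pid" tail that
 * print_timer() appends to each hrtimer line in /proc/timer_list when
 * CONFIG_TIMER_STATS is set, then report PIDs that are not visible under
 * /proc in the caller's PID namespace. Sample lines are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* A timer entry looks like (constructed, following print_timer's format):
 *  #1: <ffff88003d0e8e00>, hrtimer_wakeup, S:01, hrtimer_start_range_ns, sshd/1234
 * The final "/<pid>" is the starter's real PID. Returns the pid, or -1 when
 * the line is not a timer entry carrying one. comm receives the task name. */
long timer_line_pid(const char *line, char *comm, size_t comm_len)
{
    const char *s = line;
    while (*s == ' ') s++;
    if (*s != '#' || !strchr(s, '<')) return -1;   /* not a " #N: <addr>, ..." line */
    const char *field = strrchr(s, ',');          /* last field: "comm/pid" */
    if (!field) return -1;
    field++;
    while (*field == ' ') field++;
    const char *slash = strrchr(field, '/');      /* comm may itself contain '/' (swapper/0) */
    if (!slash) return -1;
    char *end;
    long pid = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || (*end != '\0' && *end != '\n') || pid < 0) return -1;
    size_t n = (size_t)(slash - field);
    if (n >= comm_len) n = comm_len - 1;
    memcpy(comm, field, n);
    comm[n] = '\0';
    return pid;
}

/* A PID that shows up in timer_list but has no /proc/<pid> in our namespace
 * is a real (init-namespace) PID leaking through the file. */
int pid_visible(long pid)
{
    char path[64];
    struct stat sb;
    snprintf(path, sizeof path, "/proc/%ld", pid);
    return stat(path, &sb) == 0;
}

int main(void)
{
    char line[512], comm[32];
    int leaked = 0;
    FILE *f = fopen("/proc/timer_list", "r");
    if (!f) { perror("/proc/timer_list"); return 1; }
    while (fgets(line, sizeof line, f)) {
        long pid = timer_line_pid(line, comm, sizeof comm);
        if (pid <= 0) continue;   /* -1: no pid on this line; 0: idle task */
        if (!pid_visible(pid)) {
            printf("pid %ld (%s) in timer_list but not in /proc: real PID leaked\n", pid, comm);
            leaked++;
        }
    }
    fclose(f);
    printf("%d leaked pid(s)\n", leaked);
    return 0;
}
```

On a kernel built without CONFIG_TIMER_STATS, or one carrying the fix, the lines stop at the timer state field and timer_line_pid() returns -1 for every entry, so the program reports nothing.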
CVE-2017-5970 – kernel: ipv4: Invalid IP options could cause skb->dst drop
https://notcve.org/view.php?id=CVE-2017-5970
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644 http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/02/12/3 http://www.securityfocus.com/bid/96233 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.redhat.com/show_bug.cgi?id=1421638 https://github.com/torvalds& • CWE-476: NULL Pointer Dereference •
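The entry turns on "invalid IP options", so it helps to be concrete about what a receiver has to check in an IPv4 options field. The following C validator is an added example, not kernel code and not a reproduction of the crash: it applies the structural checks a parser in the spirit of the kernel's ip_options_compile() performs (option length bytes, truncation, minimum pointer values for record-route, source-route and timestamp options), returning 0 for a clean field and -1 otherwise. Option type values are the RFC 791 ones; the test vectors are constructed.

```c
/* Added example, not the kernel's code: structural validation of an IPv4
 * options field along the lines of the checks ip_options_compile() makes.
 * Returns 0 when the options parse cleanly, -1 otherwise. It does not
 * reproduce the CVE-2017-5970 crash; it shows what "invalid IP options"
 * means at the parsing level. Test vectors are constructed. */
#include <stddef.h>
#include <stdio.h>

#define IPOPT_EOL        0    /* end of option list */
#define IPOPT_NOP        1    /* no-operation padding */
#define IPOPT_RR         7    /* record route */
#define IPOPT_TIMESTAMP  68   /* internet timestamp */
#define IPOPT_LSRR       131  /* loose source and record route */
#define IPOPT_SSRR       137  /* strict source and record route */

int ipv4_options_valid(const unsigned char *opt, size_t len)
{
    size_t i = 0;

    if (len > 40) return -1;   /* IHL caps the options field at 40 bytes */

    while (i < len) {
        unsigned type = opt[i];
        if (type == IPOPT_EOL) return 0;             /* rest of the field is padding */
        if (type == IPOPT_NOP) { i++; continue; }    /* single-byte option */
        if (i + 1 >= len) return -1;                 /* length byte missing */
        unsigned olen = opt[i + 1];
        if (olen < 2 || i + olen > len) return -1;   /* option runs past the field */

        switch (type) {
        case IPOPT_RR: case IPOPT_LSRR: case IPOPT_SSRR:
            /* 3-byte header (type, len, ptr); ptr must lie past it and leave
             * room for a 4-byte address when it points inside the option. */
            if (olen < 3 || opt[i + 2] < 4) return -1;
            if (opt[i + 2] <= olen && opt[i + 2] + 3 > olen) return -1;
            break;
        case IPOPT_TIMESTAMP:
            /* 4-byte header (type, len, ptr, oflw/flg); ptr must lie past it. */
            if (olen < 4 || opt[i + 2] < 5) return -1;
            if (opt[i + 2] <= olen && opt[i + 2] + 3 > olen) return -1;
            break;
        default:
            break;   /* unknown options are skipped by length, as the kernel does */
        }
        i += olen;
    }
    return 0;
}

/* Constructed vectors: name, bytes, expected verdict. */
struct vec { const char *name; const unsigned char *opt; size_t len; int expect; };

static const unsigned char v_nop_eol[]   = { IPOPT_NOP, IPOPT_NOP, IPOPT_NOP, IPOPT_EOL };
static const unsigned char v_rr_ok[]     = { IPOPT_RR, 7, 4, 0, 0, 0, 0, IPOPT_EOL };
static const unsigned char v_rr_short[]  = { IPOPT_RR, 1, 0, 0 };              /* length byte < 2 */
static const unsigned char v_rr_over[]   = { IPOPT_RR, 20, 4, 0 };             /* length past the field */
static const unsigned char v_rr_badptr[] = { IPOPT_RR, 7, 2, 0, 0, 0, 0, 0 };  /* pointer inside header */
static const unsigned char v_ts_short[]  = { IPOPT_TIMESTAMP, 3, 5, 0 };       /* timestamp needs >= 4 */
static const unsigned char v_truncated[] = { IPOPT_RR };                       /* no length byte */

static const struct vec vectors[] = {
    { "nop+eol",      v_nop_eol,   sizeof v_nop_eol,    0 },
    { "rr ok",        v_rr_ok,     sizeof v_rr_ok,      0 },
    { "rr len<2",     v_rr_short,  sizeof v_rr_short,  -1 },
    { "rr overrun",   v_rr_over,   sizeof v_rr_over,   -1 },
    { "rr ptr<4",     v_rr_badptr, sizeof v_rr_badptr, -1 },
    { "ts len<4",     v_ts_short,  sizeof v_ts_short,  -1 },
    { "truncated",    v_truncated, sizeof v_truncated, -1 },
};

/* Run every vector; returns the number whose verdict differs from expectation. */
int check_vectors(void)
{
    int bad = 0;
    for (size_t k = 0; k < sizeof vectors / sizeof vectors[0]; k++) {
        int got = ipv4_options_valid(vectors[k].opt, vectors[k].len);
        printf("%-12s -> %2d (expected %2d)\n", vectors[k].name, got, vectors[k].expect);
        if (got != vectors[k].expect) bad++;
    }
    return bad;
}

int main(void)
{
    return check_vectors() == 0 ? 0 : 1;
}
```

The kernel applies further per-option semantics on top of these checks (timestamp flag handling, and a capability requirement before an unprivileged socket may set source-route options); the example stops at the structural layer.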
CVE-2016-8476
https://notcve.org/view.php?id=CVE-2016-8476
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. • http://www.securityfocus.com/bid/96047 http://www.securitytracker.com/id/1037798 https://source.android.com/security/bulletin/2017-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2017-0451
https://notcve.org/view.php?id=CVE-2017-0451
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. • http://www.securityfocus.com/bid/96108 http://www.securitytracker.com/id/1037798 https://source.android.com/security/bulletin/2017-02-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •