Page 506 of 2843 results (0.012 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. Desbordamiento de búfer basado en pila en la función brcmf_cfg80211_start_ap en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c en el kernel de Linux en versiones anteriores a 4.7.5 permite a usuarios locales provocar una denegación de servicio (caída de sistema) o tener otro posible impacto no especificado a través de un SSID Information Element largo en un comando a un socket Netlink. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5 http://www.openwall.com/lists/oss-security/2016/10/13/1 http://www.securityfocus.com/bid/93541 http://www.ubuntu.com/usn/USN-3145-1 http://www.ubuntu.com/usn/USN-3145-2 http://www.ubuntu.com/usn/USN-3146-1 http://www.ubuntu.com/usn/USN-3146-2 https://bugzilla.redhat.com/show_b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2

fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer. fs/overlayfs/copy_up.c en el kernel de Linux en versiones anteriores a 4.2.6 utiliza una ruta de código de limpieza incorrecta, lo que permite a usuarios locales provocar una denegación de servicio (fuga de referencia dentry) a través de operaciones de sistema de archivos en un archivo grande en una capa overlayfs inferior. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab79efab0a0ba01a74df782eb7fa44b044dae8b5 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.6 http://www.openwall.com/lists/oss-security/2016/08/23/9 http://www.securityfocus.com/bid/92611 https://bugzilla.redhat.com/show_bug.cgi?id=1367814 https://github.com/torvalds/linux/commit/ab79efab0a0ba01a74df782eb7fa44b044dae8b5 • CWE-399: Resource Management Errors •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. La función proc_keys_show en security/keys/proc.c en el kernel de Linux hasta la versión 4.8.2, cuando el protector de pila GNU Compiler Collection (gcc) está habilitado, utiliza un tamaño de búfer incorrecto para ciertos datos de tiempo de espera, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de la memoria de pila y pánico) leyendo el archivo /proc/keys. It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. • http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.openwall.com/lists/oss-security/2016/10/13/5 http://www.securityfocus.com/bid/93544 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.redhat.com/show_bug.cgi?id=1373966 https://source.android.com/security/bulletin/2017-01-01.html https://access.redhat.com/security/cve/CVE-2016-7042 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. mm/memory.c en el kernel de Linux en versiones anteriores a 4.1.4 no maneja adecuadamente páginas anónimas, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (adulteración de página) a través de una aplicación manipulada que desencadena escribir a la página cero. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4 http://www.securityfocus.com/bid/93591 https://bugzilla.redhat.com/show_bug.cgi?id=1333830 https://github.com/torvalds/linux/commit/6b7339f4c31ad69c8e9c0b2859276e22cf72176d https://security-tracker.debian.org/tracker/CVE-2015-3288 https://source.android.com/security/bulletin/2017-01-01.html https://access.redhat.com/security& • CWE-20: Improper Input Validation CWE-391: Unchecked Error Condition •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. La implementación del sistema de archivos en el kernel de Linux hasta la versión 4.8.2 preserva el bit setgid durante una llamada setxattr, lo que permite a usuarios locales obtener privilegios de grupo aprovechando la existencia de un programa setgid con restricciones en permisos de ejecución. It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2 http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.openwall.com/lists/oss-security/2016/08/26/3 http://www.securityfocus.com/bid/92659 http://www.securitytracker.com/id/1038201 http://www.spinics.net/lists/linux-fsdevel/msg98328.html http://www.ubuntu.com/usn/USN-3146-1 http://www.ubuntu.com • CWE-285: Improper Authorization CWE-287: Improper Authentication •