Page 511 of 2716 results (0.034 seconds)

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html http://www.securityfocus.com/bid/106443 https://bugzilla.suse.com/show_bug.cgi?id=1120386 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html https://m • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable. Se ha detectado un uso de memoria previamente liberada en la manera en la que el hypervisor KVM del kernel de Linux procesa las interrupciones publicadas cuando la virtualización "nested(=1)" se encuentra habilitada. • http://www.securityfocus.com/bid/106254 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16882 https://lwn.net/Articles/775720 https://lwn.net/Articles/775721 https://marc.info/?l=kvm&m=154514994222809&w=2 https://support.f5.com/csp/article/K80557033 https://usn.ubuntu.com/3871-1 https://usn.ubuntu.com/3871-3 https://usn.ubuntu.com/3871-4 https://usn.ubuntu.com/3871-5 https://usn.ubuntu.com/3872-1 https://usn.ubuntu.com/3878-1 https • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.18.11. La función ipddp_ioctl en drivers/net/appletalk/ipddp.c permite que los usuarios locales obtengan información sensible del kernel aprovechando CAP_NET_ADMIN para leer los campos dev y next de ipddp_route mediante una llamada IOCTL SIOCFINDIPDDPRT. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9824dfae5741275473a23a7ed5756c7b6efacc9d http://www.securityfocus.com/bid/106347 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.11 https://github.com/torvalds/linux/commit/9824dfae5741275473a23a7ed5756c7b6efacc9d https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lkml.org/lkml/2018/9/27/480 https://usn.ubuntu.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Se ha encontrado un error en el subsistema de archivos NFS41+ del kernel de Linux. • http://www.securityfocus.com/bid/106253 https://access.redhat.com/errata/RHSA-2019:1873 https://access.redhat.com/errata/RHSA-2019:1891 https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0204 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884 https://lists.debian.org/debian-lts • CWE-416: Use After Free •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.19.9. El subsistema USB gestiona de manera incorrecta las comprobaciones de tamaño durante la lectura de un descriptor extra, relacionado con __usb_get_extra_descriptor en drivers/usb/core/usb.c. A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9 https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https:/ • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •