CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-18386 – kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service
https://notcve.org/view.php?id=CVE-2018-18386
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. drivers/tty/n_tty.c en el kernel de Linux en versiones anteriores a la 4.14.11 permite que atacantes locales (que pueden acceder a los pseudoterminales) bloqueen el uso de dispositivos pseudoterminal debido a una confusión EXTPROC versus ICANON en TIOCINQ. A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348 https://access.redhat.com/errata/RHSA-2019:0831 https://bugzilla.suse.com/show_bug.cgi?id=1094825 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11 https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348 https://usn.ubuntu.com/3849-1 https://usn.ubuntu.com/3849-2 https://access.redhat.com/security/cve/CVE-2018-18386 https://bugzilla& • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-18445 – kernel: Faulty computation of numberic bounds in the BPF verifier
https://notcve.org/view.php?id=CVE-2018-18445
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. En el kernel de Linux 4.14.x, 4.15.x, 4.16.x, 4.17.x y versiones 4.18.x anteriores a la 4.18.13, el cálculo incorrecto de enlaces numéricos en el verificador BPF permite accesos a la memoria fuera de límites debido a que adjust_scalar_min_max_vals en kernel/bpf/verifier.c gestiona de manera incorrecta los desplazamientos a la derecha de 32 bits. A security flaw was found in the Linux kernel in the adjust_scalar_min_max_vals() function in kernel/bpf/verifier.c. A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because this function mishandles 32-bit right shifts. A local unprivileged user cannot leverage this flaw, but as a privileged user ("root") this can lead to a system panic and a denial of service or other unspecified impact. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https://access.redhat.com/errata/RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0514 https://bugs.chromium.org/p/project-zero/issues/detail?id=1686 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13 https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https:/&# • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14656
https://notcve.org/view.php?id=CVE-2018-14656
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. La falta de una comprobación de direcciones en los llamantes de show_opcodes() en el kernel de Linux permite que un atacante vuelque la memoria del kernel en una dirección arbitraria del kernel en el registro dmesg. • http://www.securitytracker.com/id/1041804 https://bugs.chromium.org/p/project-zero/issues/detail?id=1650 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14656 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342db04ae71273322f0011384a9ed414df8bdae4 https://lore.kernel.org/lkml/20180828154901.112726-1-jannh%40google.com/T https://seclists.org/oss-sec/2018/q4/9 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17977
https://notcve.org/view.php?id=CVE-2018-17977
The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7. El kernel de Linux en su versión 4.14.67 gestiona incorrectamente ciertas interacciones entre los mensajes XFRM Netlink, los paquetes IPPROTO_AH y los paquetes IPPROTO_IP, lo que permite que los usuarios locales provoquen una denegación de servicio (consumo de memoria y bloqueo del sistema) aprovechando el acceso root para ejecutar aplicaciones manipuladas, tal y como queda demostrado en CentOS 7. • http://www.securityfocus.com/bid/105539 https://www.openwall.com/lists/oss-security/2018/10/05/5 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-18021 – kernel: Privilege escalation on arm64 via KVM hypervisor
https://notcve.org/view.php?id=CVE-2018-18021
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes. arch/arm64/kvm/guest.c en KVM en el kernel de Linux en versiones anteriores a la 4.18.12 en la plataforma arm64 gestiona de manera incorrecta la llamada IOCTL KVM_SET_ON_REG. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93459d689d990b3ecfbe782fec89b97d3279 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d26c25a9d19b5976b319af528886f89cf455692d http://www.securityfocus.com/bid/105550 https://access.redhat.com/errata/RHSA-2018:3656 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.12 https://github.com/torvalds/linux/commit/2a3f93459d689d990b3ecfbe782fec89b97d3279 https://github.com/torvalds/linux/commit/d26c25a9d19b5 • CWE-20: Improper Input Validation •