CVE-2018-14634 – Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-14634
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. Se ha encontrado un error de desbordamiento de enteros en la función create_elf_tables() del kernel de Linux. Un usuario local sin privilegios con acceso al binario SUID (o a otro privilegiado) podría emplear este error para escalar sus privilegios en el sistema. • https://www.exploit-db.com/exploits/45516 http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/105407 https://access.redhat.com/errata/RHSA-2018:2748 https://access.redhat.com/errata/RHSA-2018:2763 https://access.redhat.com/errata/RHSA-2018:2846 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018:2925 https://access.redhat.com/errata/RHSA-2018:2933 https://access.redhat.com/errata/RHSA- • CWE-190: Integer Overflow or Wraparound •
CVE-2018-14633 – kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target
https://notcve.org/view.php?id=CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. • http://www.securityfocus.com/bid/105388 https://access.redhat.com/errata/RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2019:1946 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-17182 – Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-17182
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.18.8. La función vmacache_flush_all en mm/vmacache.c manipula incorrectamente los desbordamientos de números de secuencias. • https://www.exploit-db.com/exploits/45497 https://github.com/jas502n/CVE-2018-17182 https://github.com/likescam/CVE-2018-17182 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 http://www.securityfocus.com/bid/105417 http://www.securityfocus.com/bid/106503 http://www.securitytracker.com/id/1041748 https://access.redhat.com/errata/RHSA-2018:3656 https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 https: • CWE-416: Use After Free •
CVE-2018-10853 – kernel: kvm: guest userspace to guest kernel write
https://notcve.org/view.php?id=CVE-2018-10853
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. Se ha encontrado un error en la forma en la que el hipervisor KVM del kernel de Linux en versiones anteriores a la 4.18 emulaba instrucciones como sgdt/sidt/fxsave/fxrstor. No comprobó el nivel de privilegios actual (CPL) al emular instrucciones sin privilegios. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0103 https://access.redhat.com/errata/RHSA-2020:0179 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2018-16658 – kernel: Information leak in cdrom_ioctl_drive_status
https://notcve.org/view.php?id=CVE-2018-16658
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.18.6. Una fuga de información en cdrom_ioctl_drive_status en drivers/cdrom/cdrom.c podría ser empleada por atacantes locales para leer memoria del kernel debido a que una conversión de un long no firmado a int interfiere con la comprobación de límites. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 http://www.securityfocus.com/bid/105334 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:4154 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6 https://github.com/torvalds/linux/commit/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 https://lists.debian.org/debian-lts-announce/2018/10/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •