CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2017-16527 – Ubuntu Security Notice USN-3485-2
https://notcve.org/view.php?id=CVE-2017-16527
04 Nov 2017 — sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. sound/usb/mixer.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada snd_usb_mixer_interrupt y cierre inesperado del sistema) o, posiblemente, causen otros impactos no es... • https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5331
https://notcve.org/view.php?id=CVE-2006-5331
29 Oct 2017 — The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction. La función altivec_unavailable_exception en arch/powerpc/kernel/traps.c en el kernel de Linux en versiones anteriores a la 2.6... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c4841c2b6c32a134f9f36e5e08857138cc12b10 • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15951 – Ubuntu Security Notice USN-3485-2
https://notcve.org/view.php?id=CVE-2017-15951
28 Oct 2017 — The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.13.10 no sincroniza correctamente las acciones de actualización con las de detección de una clave en el estado "negative" para evitar una... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7518 – Kernel: KVM: debug exception via syscall emulation
https://notcve.org/view.php?id=CVE-2017-7518
27 Oct 2017 — A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. Se ha detectado un error en el kernel de Linux en versiones anteriores a la 4.12 en la forma en la que el módulo KVM proces... • http://www.openwall.com/lists/oss-security/2017/06/23/5 • CWE-250: Execution with Unnecessary Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 2%CPEs: 16EXPL: 10CVE-2017-5123 – Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-5123
25 Oct 2017 — Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. Una comprobación de datos insuficiente en waitid permitía a un usuario escapar de los sandbox en Linux • https://packetstorm.news/files/id/144904 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15649 – Linux Kernel - 'AF_PACKET' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-15649
19 Oct 2017 — net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a... • https://www.exploit-db.com/exploits/44053 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2017-7558 – kernel: Out of bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() in SCTP stack
https://notcve.org/view.php?id=CVE-2017-7558
19 Oct 2017 — A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. Se ha encontrado una fuga de datos del kernel debido a una lectura fuera de límites en el kernel de Linux en la... • https://packetstorm.news/files/id/150552 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15537 – Ubuntu Security Notice USN-3469-2
https://notcve.org/view.php?id=CVE-2017-15537
17 Oct 2017 — The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. El subsistema x86/fpu (Floating Point Unit) en el kernel de Linux en versiones an... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15265 – kernel: Use-after-free in snd_seq_ioctl_create_port()
https://notcve.org/view.php?id=CVE-2017-15265
16 Oct 2017 — Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. Condición de carrera en el subsistema ALSA en el kernel de Linux en versiones anteriores a la 4.13.8 permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o posiblemente ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15299 – kernel: Incorrect updates of uninstantiated keys crash the kernel
https://notcve.org/view.php?id=CVE-2017-15299
14 Oct 2017 — The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. El subsistema de claves KEYS en el kernel Linux hasta la versión 4.13.7 gestiona de manera incorrecta el uso de add_key para una clave que ya existe, pero no se ha probado, lo que permite que usuarios locales pro... • https://access.redhat.com/errata/RHSA-2018:0654 • CWE-476: NULL Pointer Dereference •