Page 533 of 2778 results (0.021 seconds)

CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. En el kernel de Linux, en versiones anteriores a la 4.20.6, "kernel/bpf/verifier.c" realiza especulaciones fuera de límites no deseables en la aritmética de punteros en varias ocasiones, incluyendo casos de diferentes ramas con distintos estados o límites que hay que sanear, conduciendo a ataques de canal lateral. It has been discovered that the Linux eBPF Spectre v1 mitigation is insufficient. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html http://www.securityfocus.com/bid/106827 https://bugs.chromium.org/p/project-zero/issues/detail?id=1711 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6 https://github.com/torvalds/ • CWE-189: Numeric Errors •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. La función hso_get_config_data en drivers/net/usb/hso.c en el kernel de Linux, hasta la versión 4.19.8, lee if_num desde el dispositivo USB (como un u8) y lo emplea para indexar un array pequeño, lo que resulta en una lectura de objetos fuera de límites (OOB) que podría permitir la lectura arbitraria en el espacio de direcciones del kernel. A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://hexhive.epfl.ch/projects/perifuzz https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-an • CWE-125: Out-of-bounds Read •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. Se ha encontrado un error en la función handle_rx() del controlador [vhost_net] en el kernel de Linux. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://www.securityfocus.com/bid/106735 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880 https://support.f5.com/csp/article/K03593314 https://usn.ubuntu.com/3903-1 https://usn.ubuntu.com/3903-2 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. La implementación mincore() en mm/mincore.c en el kernel de Linux hasta la versión 4.19.13 permitía a los atacantes observar patrones de acceso a las páginas de caché de otros procesos en el mismo sistema, permitiendo el esnifado de información secreta. (Su arreglo afecta a la salida del programa fincore.) • https://github.com/mmxsrup/CVE-2019-5489 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en http://www.securityfocus.com/bid/106478 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html http://www.securityfocus.com/bid/106443 https://bugzilla.suse.com/show_bug.cgi?id=1120386 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html https://m • CWE-787: Out-of-bounds Write •