Page 534 of 2886 results (0.023 seconds)

CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0

Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. Vulnerabilidad de condición de carrera en net/stcp/socket.c en el kernel de Linux en versiones anteriores a 4.1.2, permite a usuarios locales causar una denegación de servicio (lista corrupta y pánico) a través de una serie de llamadas al sistema relacionadas con sockets, según lo demostrado por las llamadas setsockopt. A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d45a02d0166caf2627fe91897c6ffc3b19514c4 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://rhn.redhat.com/errata/RHSA-2015-1778.html http://rhn.redhat.com/errata/RHSA-2015-1787.html http://www.debian.org/security/2015/dsa-3329 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2 http://www.ora • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. Vulnerabilidad en la función get_bitmap en drivers/md/md.c en el kernel de Linux en versiones anteriores a 4.1.6, no inicializa una cierta estructura de datos de mapa de bits, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una llamada a GET_BITMAP_FILE de ioctl . • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0

Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. Vulnerabilidad de uso después de liberación de memoria en la función path_openat en fs/namei.c en el kernel de Linux 3.x y 4.x en versiones anteriores a 4.0.4, permite a usuarios locales causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de las operaciones de archivos de sistema O_TMPFILE que aprovecha una operación de limpieza duplicada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0 http://twitter.com/grsecurity/statuses/597127122910490624 http://www.debian.org/security/2015/dsa-3329 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.4 http://www.openwall.com/lists/oss-security/2015/08/01/5 http://www.securityfocus.com/bid/76142 http://www.ubuntu.com/usn/USN-2680-1 http://www.ubuntu.com/usn/USN-2681-1 https://bugzilla.redhat& • CWE-416: Use After Free •

CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities ** DISPUTADA ** Kernel Samepage Merging (KSM) en el kernel de Linux 2.6.32 hasta la versión 4.x no previene el uso de un canal lateral de sincronización de escritura, lo que permite a usuarios invitados del SO derrotar el mecanismo de protección de ASLR en otras instancias invitadas del SO a través de un ataque Cross-VM ASL INtrospection (CAIN). NOTA: el vendedor afirma "Básicamente si te preocupa este vector de ataque, inhabilita la deduplicación". Enfoques de compartir hasta escritura para conservación de memoria entre inquilinos mutuamente desconfiados son inherentemente detectables para divulgación de información y pueden clasificarse como comportamientos potencialmente malinterpretados en lugar de vulnerabilidades. • http://www.antoniobarresi.com/files/cain_advisory.txt http://www.kb.cert.org/vuls/id/935424 http://www.securityfocus.com/bid/76256 https://bugzilla.redhat.com/show_bug.cgi?id=1252096 https://www.kb.cert.org/vuls/id/BGAR-A2CNKG https://www.kb.cert.org/vuls/id/BLUU-9ZAHZH https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. Vulnerabilidad de fuga de memoria en la función __key_link_end en security/kesy/keyring.c en el kernel de Linux en versiones anteriores a 4.1.4, permite a usuarios locales causar una denegación de servicio (consumo de memoria) a través de muchas llamadas al sistema add_key que hacen referencia a las claves existentes. It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 http://rhn.redhat.com/errata/RHSA-2015-1778.html http://rhn.redhat.com/errata/RHSA-2015-1787.html http://www.debian.org/security/2015/dsa-3329 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4 http://www.openwall.com/lists/oss-security/2015/07/27/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •