Page 534 of 2748 results (0.022 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. La función xfs_bmap_extents_to_btree en fs/xfs/libxfs/xfs_bmap.c en el kernel de Linux, hasta la versión 4.16.3, permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL en xfs_bmapi_write) mediante una imagen xfs manipulada. • http://www.securityfocus.com/bid/103959 https://bugzilla.kernel.org/show_bug.cgi?id=199423 https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com/3752-3 https://usn.ubuntu.com/3754-1 https://usn.ubuntu.com/4486-1 https://www.debian.org/security/2018/dsa-4188 https://www.spinics.net/lists/linux-xfs/msg17254.html • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. La función udl_fb_mmap en drivers/gpu/drm/udl/udl_fb.c en el kernel de Linux en su versión 3.4 y hasta e incluyendo la versión 4.15 tiene una vulnerabilidad de desbordamiento de enteros que permite que usuarios locales con acceso al controlador udldrmfb obtengan permisos totales de lectura y escritura en páginas físicas del kernel, lo que resulta en la ejecución de código en el espacio del kernel. A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://patchwork.freedesktop.org/patch/211845 https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https://usn.ubuntu.com/3656-1 https://usn.ubuntu.com/3674-1 https://usn.ubuntu.com&#x • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval. La función hi3660_stub_clk_probe en drivers/clk/hisilicon/clk-hi3660-stub.c en el kernel de Linux, en versiones anteriores a la 4.16, permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL) al desencadenar un error de recuperación de recursos. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9903e41ae1f5d50c93f268ca3304d4d7c64b9311 https://github.com/torvalds/linux/commit/9903e41ae1f5d50c93f268ca3304d4d7c64b9311 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables ** EN DISPUTA ** drivers/scsi/libsas/sas_scsi_host.c en el kernel de Linux en versiones anteriores a la 4.16 permite que los usuarios locales provoquen una denegación de servicio (ata qc leak) al desencadenarse una serie de condiciones de fallo. NOTA: un tercero discute la relevancia de este informe debido a que el error solo puede ocurrir para atacantes físicamente cercanos que desconectan los cables SAS Host Bus Adapter. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=318aaf34f1179b39fa9c30fa0f3288b645beee39 https://bugzilla.suse.com/show_bug.cgi?id=1089281 https://github.com/torvalds/linux/commit/318aaf34f1179b39fa9c30fa0f3288b645beee39 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3678-1 https://usn.ubuntu.com/3678-2 https://usn.ubuntu.com/3678-3 https://usn.ubuntu.com/3678-4 https://usn.ubuntu.com/3696-1 https://usn.ubuntu •

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. La función ext4_fill_super en fs/ext4/super.c en el kernel de Linux hasta la versión 4.15.15 no inicializa siempre el controlador de las sumas de verificación crc32c, lo que permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL en ext4_xattr_inode_hash y cierre inesperado del sistema) mediante una imagen ext4 manipulada. The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image. • http://openwall.com/lists/oss-security/2018/03/29/1 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199183 https://bugzilla.redhat.com/show_bug.cgi?id=1560788 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.g • CWE-476: NULL Pointer Dereference •