Page 536 of 3884 results (0.024 seconds)

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. ** DISPUTADA ** Múltiples desbordamientos de enteros en la función lzo1x_decompress_safe en lib/lzo/lzo1x_decompress_safe.c en el descompresor LZO en el kernel de Linux anterior a 3.15.2 permiten a atacantes dependientes de contexto causar una denegación de servicio (corrupción de memoria) a través de un 'Literal Run' manipulado. NOTA: el autor de los algoritmos LZO algorithms dice que 'el kernel de Linux *no* está afectado; sensacionalismo periodístico.' An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0062.html http://secunia.com/advisori • CWE-190: Integer Overflow or Wraparound •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. La función snd_ctl_elem_add en sound/core/control.c de la implementación del control ALSA en el kernel de Linux anterior a 3.15.2 no comprueba la autorización para los comandos SNDRV_CTL_IOCTL_ELEM_REPLACE, lo que permite a usuarios locales eliminar los controles del kernel y provocar una denegación de servicio (usar después de liberar y una caída del sistema) al aprovechar el acceso a /dev/snd/controlICS para una llamada ioctl. A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82262a46627bebb0febcc26664746c25cef08563 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1083.html http://secunia.com/advisories/59434 http://secunia.com/advisories/59777 http://secunia.com/advisories/60545 http://secunia.com/advisories/60564 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 http://www.openwall.com/lists/o • CWE-416: Use After Free •

CVSS: 5.0EPSS: 4%CPEs: 8EXPL: 0

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. La función sctp_association_free en net/sctp/associola.cen en el kernel de Linux anterior a 3.15.2 no gestiona debidamente cierto valor de backlogs, lo que permite a atacantes remotos causar una denegación de servicio (interrupción del socket) mediante un paquete SCTP manipulado. An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d3217b15a19a4779c39b212358a5c71d725822ee http://linux.oracle.com/errata/ELSA-2014-3068.html http://linux.oracle.com/errata/ELSA-2014-3069.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://secunia.com/advisories/59777 http://secunia&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value. Error en el índice del array en la función aio_read_events_ring en fs/aio.c en el kernel de Linux hasta 3.15.1 permite a usuarios locales obtener información sensible de la memoria del kernel a través de un valor de cabecera grande. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=edfbbf388f293d70bf4b7c0bc38774d05e6f711a http://secunia.com/advisories/59278 http://www.securityfocus.com/bid/68176 http://www.securitytracker.com/id/1030479 http://www.securitytracker.com/id/1038201 https://bugzilla.redhat.com/show_bug.cgi?id=1094602 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edfbbf388f29 https://github.com/torvalds/linux/commit/edfbbf388f293d70bf4b7c0bc38774d05e6f711a http •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. mm/shmem.c en el kernel de Linux hasta 3.15.1 no implementa debidamente la interacción entre la notificación del rango y la creación de agujeros, lo que permite a usuarios locales causar una denegación de servicio (apropiación del i_mutex) mediante la llamada de sistema mmap para acceder a un agujero, tal y como fue demostrado mediante la interferencia con la actividad shmem intencionada a través del bloqueo del completado de (1) una llamada MADV_REMOVE madvise o (2) una llamada FALLOC_FL_PUNCH_HOLE fallocate. A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2 http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch http://rhn.redhat.com/errata/RHSA-2014-1318.html http://rhn.redhat.com/errata/RHSA-2015-0102.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http& •