Page 539 of 2724 results (0.019 seconds)

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2017-1000410 – kernel: Stack information leak in the EFS element

https://notcve.org/view.php?id=CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. • http://seclists.org/oss-sec/2017/q4/357 http://www.securityfocus.com/bid/102101 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://access.redhat.com/errata/RHSA-2018:1319 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17449 – kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity

https://notcve.org/view.php?id=CVE-2017-17449

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. La función __netlink_deliver_tap_skb en net/netlink/af_netlink.c en el kernel de Linux hasta la versión 4.14.4, cuando CONFIG_NLMON está habilitado, no restringe las observaciones de mensajes Netlink a un espacio de nombres de red único, lo que permite que usuarios locales obtengan información sensible utilizando la capacidad CAP_NET_ADMIN para rastrear una interfaz nlmon para toda la actividad Netlink en el sistema. The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. • http://www.securityfocus.com/bid/102122 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://lkml.org/lkml/2017/12/5/950 https://source.android.com/security/bulletin/pixel/2018-04-01 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubunt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2017-8824 – Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free

https://notcve.org/view.php?id=CVE-2017-8824

The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. La función dccp_disconnect en net/dccp/proto.c en el kernel de Linux hasta la versión 4.14.3 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante una llamada del sistema de conexión AF_UNSPEC durante el estado DCCP_LISTEN. A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges. The Linux kernel suffers from a DCCP socket use-after-free vulnerability. • https://www.exploit-db.com/exploits/43234 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.openwall.net/netdev/2017/12/04/224 http://www.openwall.com/lists/oss-security/2017/12/05/1 http://www.securityfocus.com/bid/102056 https://access.redhat.com/errata/RHSA-2018:0399 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://acces • CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 3

CVE-2017-1000405 – Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page

https://notcve.org/view.php?id=CVE-2017-1000405

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. • https://www.exploit-db.com/exploits/44305 https://www.exploit-db.com/exploits/43199 http://www.securityfocus.com/bid/102032 http://www.securitytracker.com/id/1040020 https://access.redhat.com/errata/RHSA-2018:0180 https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0 https://source.android.com/security/bulletin/pixel/2018-02-01 https://access.redhat.com/security/cve/CVE-2017-1000405 https://bugzilla.redhat.com/show_bug.cgi?id=1516514 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2010-5321

https://notcve.org/view.php?id=CVE-2010-5321

Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsistema videobuf en el kernel de Linux 2.6.x hasta la versión 4.x permite a usuarios locales causar una denegación de servicio (consumo de memoria) aprovechando el acceso /dev/video para una serie de llamadas mmap que requieren nuevas asignaciones, una vulnerabilidad diferente a CVE-2007-6761. NOTA: a partir de 18-06-2016, esto afecta sólo a 11 controladores que no se han actualizado para utilizar videobuf2 en lugar de videobuf. • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 http://www.openwall.com/lists/oss-security/2015/02/08/4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340 https://bugzilla.kernel.org/show_bug.cgi?id=120571 https://bugzilla.redhat.com/show_bug.cgi?id=620629 • CWE-772: Missing Release of Resource after Effective Lifetime •