Page 539 of 2841 results (0.024 seconds)

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. Se ha encontrado un fallo en el manejo del kernel de Linux para borrar los atributos SELinux de los ficheros /proc/pid/attr en versiones anteriores a la 4.9.10. Una escritura vacía (null) en este archivo puede cerrar de manera inesperada el sistema haciendo que el sistema intente acceder a la memoria no mapeada del kernel. A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. • http://www.securityfocus.com/bid/96272 https://access.redhat.com/errata/RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0933 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125 https://marc.info/?l=selinux&m=148588165923772&w=2 https://www.debian.org/security/2017/dsa-3791 https://access.redhat. • CWE-193: Off-by-one Error CWE-682: Incorrect Calculation •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0

The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. La función tcp_splice_read en net/ipv4/tcp.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y bloqueo débil) a través de vectores que involucran un paquete TCP con la bandera URG. A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82 http://www.debian.org/security/2017/dsa-3804 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 http://www.securityfocus.com/bid/96421 http://www.securitytracker.com/id/1037897 https://access.redhat.com/errata/RHSA-2017:1372 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://access.redhat.com/errata& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology. Desbordamiento de entero en la función mem_check_range en drivers/infiniband/sw/rxe/rxe_mr.c en el kernel de Linux en versiones anteriores a 4.9.10 permite a usuarios locales provocar una denegación de servicio (corrupción de memoria), obtener información sensible desde la memoria del kernel, o posiblemente tener otro impacto no especificado a través de una petición de escritura o lectura involucrando a la tecnología "RDMA protocol over infiniband" (también conocida como Soft RoCE). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10 http://www.openwall.com/lists/oss-security/2017/02/11/9 http://www.securityfocus.com/bid/96189 https://bugzilla.redhat.com/show_bug.cgi?id=1421981 https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636 https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. Condición de carrera en kernel/events/core.c en el kernel de Linux en versiones anteriores a 4.9.7 permite a usuarios locales obtener privilegios a través de una aplicación manipulada que hace llamadas concurrentes al sistema perf_event_open para mover un grupo de software en un contexto hardware. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-6786. It was found that the original fix for CVE-2016-6786 was incomplete. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290 http://www.debian.org/security/2017/dsa-3791 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7 http://www.openwall.com/lists/oss-security/2017/02/16/1 http://www.securityfocus.com/bid/96264 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. Condición de carrera en la función sctp_wait_for_sndbuf en net/sctp/socket.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a usuarios locales provocar una denegación de servicio (fallo de aserción y pánico) a través de una aplicación multihilo que despega una asociación en un cierto estado de búfer completo. It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90 http://www.debian.org/security/2017/dsa-3804 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 http://www.openwall.com/lists/oss-security/2017/02/14/6 http://www.securityfocus.com/bid/96222 https://access.redhat.com/errata/RHSA-2017:1308 https://bugzilla.redhat.com/show_bug.cgi?id=1420276 https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •