Page 541 of 2901 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. La función key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versión 4.6.3 no asegura que cierta estructura de datos esté inicializada, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores involucrando un comando keyctl request2 manipulado. A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org • CWE-253: Incorrect Check of Function Return Value •

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. La función rds_inc_info_copy en net/rds/recv.c en el kernel de Linux hasta la versión 4.6.3 no inicializa un cierto miembro de estructura, lo que permite a atacantes remotos obtener información sensible de la memoria de pila del kernel leyendo un mensaje RDS. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. Múltiples desbordamientos de buffer basado en memoria dinámica en la función hiddev_ioctl_usage en drivers/hid/usbhid/hiddev.c en el kernel de Linux hasta la versión 4.6.3 permiten a usuarios locales provocar una denegación de servicio o tener posiblemente otro impacto no especificado a través de una llamada (1) HIDIOCGUSAGES o (2) HIDIOCSUSAGES ioctl manipulada. A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call. Error de entero sin signo en el controlador de audio MSM QDSP6 para el kernel de Linux 3.x, según se utiliza en contribuciones Android Qualcomm Innovation Center (QuIC) para dispositivos MSM y otros productos, permite a atacantes obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada que hace una llamada ioctl. • http://source.android.com/security/bulletin/2016-06-01.html http://www.securityfocus.com/bid/91046 https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88 https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. Error de entero sin signo en el controlador de video MSM V4L2 para el kernel de Linux 3.x, según se utiliza en contribuciones Android Qualcomm Innovation Center (QuIC) para dispositivos MSM y otros productos, permite a atacantes obtener privilegios o provocar una denegación de servicio (desbordamiento de array y corrupción de memoria) a través de una aplicación manipulada que desencadena una llamada msm_isp_axi_create_stream. • http://source.android.com/security/bulletin/2016-06-01.html https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.18/commit/id=79db14ca9f791a14be9376a0340ad3b9b9a4d603 https://www.codeaurora.org/array-overflow-msm-v4l2-video-driver-allows-kernel-memory-corruption-cve-2016-2061 • CWE-269: Improper Privilege Management •