Page 542 of 2944 results (0.015 seconds)

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 3

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. La función sctp_init en net/sctp/protocol.c en el kernel de Linux en versiones anteriores a 4.2.3 tiene una secuencia incorrecta de pasos de inicialización de protocolo, lo que permite a usuarios locales provocar una denegación de servicio (panic o corrupción de memoria) mediante la creación de sockets SCTP antes de haber finalizado todos los pasos. A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://patchwork.ozlabs.org/patch/515996 http://www.debian.org/security/2015/dsa-3372 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-665: Improper Initialization •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. drivers/usb/serial/whiteheat.c en el kernel Linux en versiones anteriores a 4.2.4 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero NULL y OOPS) o posiblemente tener otro impacto no especificado a través de un dispositivo USB manipulado. NOTA: este ID se utilizó de manera incorrecta para un problema de Apache Cordova que tiene el ID correcto CVE-2015-8320. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4 http://www.debian.org/security/2015/dsa-3372 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4 http://www.openwall.com/lists/oss-security/2015/09/23/1 http://www.securityfocus.com/bid/76834 http://www.ubuntu.com/usn/USN-2792-1 http://www.ubuntu.com/usn/USN-2794-1 http://www.ubuntu.com/usn/USN-2795-1 http://www.ubuntu.com/usn •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. Condición de carrera en la implementación del objeto IPC en el kernel de Linux hasta la versión 4.2.3 permite a usuarios locales obtener privilegios desencadenando una llamada a ipc_addid que conduce a comparaciones de uid y gid contra datos no inicializados, relacionada con msg.c, shm.c y util.c. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html http://lists.opensuse.org • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. La función virtnet_probe en drivers/net/virtio_net.c en el kernel de Linux en versiones anteriores a 4.2 intenta dar soporte a la funcionalidad FRAGLIST sin asignación adecuada de memoria, lo que permite a usuarios invitados del SO provocar una denegación de servicio (desbordamiento del buffer y corrupción de memoria) a través de una secuencia manipulada de paquetes fragmentados. A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171454.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169378.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1978.html http://rhn.redhat.com/errata/RH • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." La función prepend_path en fs/dcache.c en el kernel Linux en versiones anteriores a 4.2.4 no maneja adecuadamente el cambio de nombre de las acciones dentro de un enlace de montaje, lo que permite a usuarios locales eludir un mecanismo de protección destinado al contenedor mediante el cambio de nombre de un directorio, relacionado con un 'double-chroot attack'. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-254: 7PK - Security Features •