Page 545 of 2884 results (0.016 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application. La función mdp_lut_hw_update en drivers/video/msm/mdp.c en el controlador de la pantalla de MDP para el kernel de Linux 3.x, utilizada en las contribuciones de Android Qualcomm Innovation Center (QuIC) para los dispositivos MSM y otros productos, no valida ciertos valores de arranque y longitud dentro de una llamada ioctl, lo que permite a atacantes ganar privilegios a través de una aplicación manipulada. • https://www.codeaurora.org/projects/security-advisories/improper-input-validation-mdp-driver-when-processing-color-maps • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 56%CPEs: 204EXPL: 1

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. La función sctp_process_param en net/sctp/sm_make_chunk.c en la implementación SCTP en el kernel de Linux anterior a 3.17.4, cuando ASCONF está utilizado, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída del sistema) a través de un chunk INIT malformado. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40607cbe270a9e8360907cb1e62ddf0736e4864 http://linux.oracle.com/errata/ELSA-2015-3004.html http://linux.oracle.com/errata/ELSA-2015-3005.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015& • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •

CVSS: 4.9EPSS: 0%CPEs: 204EXPL: 0

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. Condición de carrera en arch/x86/kvm/x86.c en el kernel de Linux anterior a 3.17.4 permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo invitado) a través de una aplicación manipulada que realiza una transacción MMIO o una transacción PIO para provocar un informe de error de emulación en el espacio del usuario invitado, un problema similar a CVE-2010-5313. It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2b9e6c1a35afcc0973acb72e591c714e78885ff http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2016-0855.html http://secunia.com/advisories/62305 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.9EPSS: 0%CPEs: 204EXPL: 0

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. La función do_double_fault en arch/x86/kernel/traps.c en el kernel de Linux hasta 3.17.4 no maneja debidamente los fallos asociados con el registro de segmentos Stack Segment (SS), lo que permite a usuarios locales causar una denegación de servicio (pánico) a través de una llamada al sistema modify_ldt, tal y como fue demostrado por sigreturn_32 en el suite de pruebas 'linux-clock-tests'. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f442be2fb22be02cafa606f1769fa1e6f894441 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://secunia.com/advisories/62336 http://www.debian.org/security/2014/dsa-3093 http://www.openwall.com/lists/oss-security/2014/11/26/5 https:// • CWE-17: DEPRECATED: Code •

CVSS: 4.6EPSS: 0%CPEs: 204EXPL: 1

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. El kernel de Linux hasta 3.17.4 no restringe debidamente la colocación de afiliaciones a grupos suplementarios en ciertos escenarios de espacios para nombres, lo que permite a usuarios locales evadir los permisos de ficheros mediante el aprovechamiento de un POSIX ACL que contiene una entrada para la categoría de grupo que está más restrictiva que la entrada para la otra categoría, también conocido como un problema de 'grupos negativos', relacionado con kernel/groups.c, kernel/uid16.c, y kernel/user_namespace.c. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://thread.gmane.org/gmane.linux.man/7385 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2014/11/20/4 http://www.securityfocus.com/bid/71154 http://www.ubuntu.com/usn/USN-2515-1 http://www.ubuntu.com/usn/USN-2516-1 http://www.ubuntu.com/usn/US • CWE-264: Permissions, Privileges, and Access Controls •