Page 547 of 4719 results (0.031 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a una gestión incorrecta de las estructuras de datos packet_fanout. Esto se debe a una condición de carrera (que afecta a fanout_add y packet_do_bind) que da lugar a un uso de memoria previamente liberada. Esta vulnerabilidad es diferente de CVE-2017-6346. It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. • https://www.exploit-db.com/exploits/44053 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e http://patchwork.ozlabs.org/patch/813945 http://patchwork.ozlabs.org/patch/818726 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6 http://www.securityfocus.com/bid/101573 https://access.redhat.com/errata/RHSA- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. Se ha encontrado una fuga de datos del kernel debido a una lectura fuera de límites en el kernel de Linux en las funciones inet_diag_msg_sctp{,l}addr_fill() y sctp_get_sctp_info() presentes desde la versión 4.7-rc1 hasta la versión 4.13. Ocurre una fuga de datos cuando estas funciones rellenan las estructuras de datos sockaddr utilizadas para exportar la información de diagnóstico del socket. • http://seclists.org/oss-sec/2017/q3/338 http://www.securityfocus.com/bid/100466 http://www.securitytracker.com/id/1039221 https://access.redhat.com/errata/RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2931 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558 https://marc.info/?l=linux-netdev&m=150348777122761&w=2 https://www.debian.org/security/2017/dsa-3981 https://access.redhat.com/security/cv • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. El subsistema x86/fpu (Floating Point Unit) en el kernel de Linux en versiones anteriores a la 4.13.5, cuando un procesador soporta la característica xsave pero no la xsaves, no gestiona correctamente los intentos de establecer bits reservados en la cabecera xstate mediante las llamadas de sistema ptrace() o rt_sigreturn(), lo que permite que usuarios locales lean los registros FPU de otros procesos en el sistema, relacionado con arch/x86/kernel/fpu/regset.c y arch/x86/kernel/fpu/signal.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5 https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e https://source.android.com/security/bulletin/pixel/2018-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. Condición de carrera en el subsistema ALSA en el kernel de Linux en versiones anteriores a la 4.13.8 permite que usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o posiblemente otro impacto mediante llamadas ioctl /dev/snd/seq ioctl manipuladas. Esto está relacionado con sound/core/seq/seq_clientmgr.c y sound/core/seq/seq_ports.c. A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026 http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 http://www.openwall.com/lists/oss-security/2017/10/11/3 http://www.securityfocus.com/bid/101288 http://www.securitytracker.com/id/1039561 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-201 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. El subsistema de claves KEYS en el kernel Linux hasta la versión 4.13.7 gestiona de manera incorrecta el uso de add_key para una clave que ya existe, pero no se ha probado, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que tengan un impacto sin especificar mediante una llamada del sistema manipulada. A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS). • https://access.redhat.com/errata/RHSA-2018:0654 https://bugzilla.redhat.com/show_bug.cgi?id=1498016 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://marc.info/?t=150654188100001&r=1&w=2 https://marc.info/?t=150783958600011&r=1&w=2 https://usn.ubuntu.com/3798-1 https://usn.ubuntu.com/3798-2 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1499828.html https://access.redhat.com/security/cve/CVE-2017-15299 • CWE-476: NULL Pointer Dereference •