Page 549 of 2841 results (0.027 seconds)

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." drivers/vfio/pci/vfio_pci.c en el kernel Linux hasta la versión 4.8.11 permite a usuarios locales eludir comprobaciones de desbordamiento de enteros, y provocar una denegación de servicio (corrupción de memoria) o tener otro posible impacto no especificado, aprovechando el acceso al archivo de dispositivo vfio PCI para una llamada ioctl VFIO_DEVICE_SET_IRQS, vulnerabilidad también conocida como "state machine confusion bug". A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a http://rhn.redhat.com/errata/RHSA-2017-0386.html http://rhn.redhat.com/errata/RHSA-2017-0387.html http://www.openwall.com/lists/oss-security/2016/10/26/11 http://www.securityfocus.com/bid/93929 https://bugzilla.redhat.com/show_bug.cgi?id=1389258 https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a https://patchwork.kernel.org/patch/9373631 https:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-391: Unchecked Error Condition •

CVSS: 10.0EPSS: 73%CPEs: 7EXPL: 0

The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. La función sctp_sf_ootb en net/sctp/sm_statefuns.c en el kernel Linux en versiones anteriores a 4.8.8 carece de comprobación de longitud de fragmento para el primer fragmento, lo que permite a atacantes remotos provocar una denegación de servicio (acceso slab fuera de límites) o tener otro posible impacto no especificado a través de datos SCTP manipulados. A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html http://lists.opensuse.org • CWE-125: Out-of-bounds Read •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. La pila TCP en el kernel Linux en versiones anteriores a 4.8.10 maneja incorrectamente el truncamiento skb, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) a través de una aplicación manipulada que hace llamadas de sistema sendto, relacionado con net/ipv4/tcp_ipv4.c y net/ipv6/tcp_ipv6.c. It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10 http://www.openwall.com/lists/oss-security/2016/11/11/3 http://www.openwall.com/lists/oss-security/2016/11/30/3 http://www.securityfocus.com/bid/94264 http://www.securitytracker.com/id/1037285 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https: • CWE-284: Improper Access Control CWE-617: Reachable Assertion •

CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0

Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. Condición de carrera en la función get_task_ioprio en block/ioprio.c en el kernel de Linux en versiones anteriores a 4.6.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso posterior a la llamada) mediante una llamada manipulada al sistema ioprio_get. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4 http://source.android.com/security/bulletin/2016-11-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6 http://www.securityfocus.com/bid/94135 https://github.com/torvalds/linux/commit/8ba8682107ee2ca3347354e018865d8e1967c5f4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0

The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. La función xc2028_set_config en drivers/media/tuners/tuner-xc2028.c en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) mediante vectores que implican la omisión del nombre de firmware de una determinada estructura de datos. The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 http://source.android.com/security/bulletin/2016-11-01.html http://www.securityfocus.com/bid/94201 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 https://usn&# • CWE-416: Use After Free •