CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2017-16533
https://notcve.org/view.php?id=CVE-2017-16533
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. La función usbhid_parse en drivers/hid/usbhid/hid-core.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. • http://www.securityfocus.com/bid/102026 https://github.com/torvalds/linux/commit/f043bfc98c193c284e2cd768fefabe18ac2fed9b https://groups.google.com/d/msg/syzkaller/CxkJ9QZgwlM/O3IOvAaGAwAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16531
https://notcve.org/view.php?id=CVE-2017-16531
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. drivers/usb/core/config.c en el kernel de Linux, en versiones anteriores a la 4.13.6, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas que utilizan un descriptor USB_DT_INTERFACE_ASSOCIATION. • http://www.securityfocus.com/bid/102025 https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15951
https://notcve.org/view.php?id=CVE-2017-15951
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.13.10 no sincroniza correctamente las acciones de actualización con las de detección de una clave en el estado "negative" para evitar una condición de carrera, lo que permite que los usuarios locales provoquen una denegación de servicio (DoS) o, posiblemente, cause otro impacto no especificado mediante llamadas al sistema manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10 http://www.securityfocus.com/bid/101621 https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 7CVE-2017-5123 – Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-5123
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. Una comprobación de datos insuficiente en waitid permitía a un usuario escapar de los sandbox en Linux • https://www.exploit-db.com/exploits/43127 https://www.exploit-db.com/exploits/43029 https://github.com/c3r34lk1ll3r/CVE-2017-5123 https://github.com/0x5068656e6f6c/CVE-2017-5123 https://github.com/FloatingGuy/CVE-2017-5123 https://github.com/teawater/CVE-2017-5123 https://github.com/h1bAna/CVE-2017-5123 https://crbug.com/772848 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96ca579a1ecc943b75beba58bebb0356f6cc4b51 https://security.netapp.com/adviso • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15649 – Linux Kernel - 'AF_PACKET' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-15649
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a una gestión incorrecta de las estructuras de datos packet_fanout. Esto se debe a una condición de carrera (que afecta a fanout_add y packet_do_bind) que da lugar a un uso de memoria previamente liberada. Esta vulnerabilidad es diferente de CVE-2017-6346. It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. • https://www.exploit-db.com/exploits/44053 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e http://patchwork.ozlabs.org/patch/813945 http://patchwork.ozlabs.org/patch/818726 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6 http://www.securityfocus.com/bid/101573 https://access.redhat.com/errata/RHSA- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •