Page 553 of 4720 results (0.040 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. net/ipv4/route.c en el kernel Linux 4.13-rc1 en su versión 4.13-rc6 comprueba demasiado tarde el campo fi NULL cuando se establece RTM_F_FIB_MATCH, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL) o que tengan un impacto sin especificar mediante llamadas del sistema manipuladas. NOTA: Esto no afecta a ninguna distribución estable. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205 https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205 • CWE-476: NULL Pointer Dereference •

CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 1

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. Una condición de carrera en fs/timerfd.c en el kernel Linux en versiones anteriores a la 4.10.15 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (corrupción de lista o use-after-free) mediante operaciones simultáneas de descriptor de archivo que aprovechan la cola inadecuada might_cancel. A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • https://www.exploit-db.com/exploits/43345 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6 http://www.debian.org/security/2017/dsa-3981 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15 http://www.securityfocus.com/bid/100215 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:4057 https://access.redhat.com/e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. La función sanity_check_raw_super en fs/f2fs/super.c en el kernel Linux en versiones anteriores a la 4.11.1 no valida el conteo de segmentos, lo que permite que usuarios locales obtengan privilegios mediante vectores sin especificar. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1 http://www.securityfocus.com/bid/100215 https://bugzilla.redhat.com/show_bug.cgi?id=1481146 https://github.com/torvalds/linux/commit/b9dd46188edc2f0d1f37328637860bb65a771124 https://source.android.com/security/bulletin/2017-08-01 •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. La función sanity_check_ckpt en fs/f2fs/super.c en el kernel Linux en versiones anteriores a la 4.12.4 no valida los arrays blkoff y segno, lo que permite que usuarios locales obtengan privilegios mediante vectores sin especificar. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4 http://www.securityfocus.com/bid/100215 https://bugzilla.redhat.com/show_bug.cgi?id=1481149 https://github.com/torvalds/linux/commit/15d3042a937c13f5d9244241c7a9c8416ff6e82a https://source.android.com/security/bulletin/2017-08-01 • CWE-129: Improper Validation of Array Index •

CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 4

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. • https://www.exploit-db.com/exploits/45147 https://www.exploit-db.com/exploits/47169 https://www.exploit-db.com/exploits/43418 https://github.com/ol0273st-s/CVE-2017-1000112-Adpated http://seclists.org/oss-sec/2017/q3/277 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100262 http://www.securitytracker.com/id/1039162 https://access.redhat.com/errata/RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2930 https://access.redh • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •