Page 553 of 3075 results (0.022 seconds)

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit. La implementación Btrfs en el kernel de Linux anterior a 3.19 no asegura que el estado xattr visible sea consistente con un remplazo solicitado, lo que permite a usuarios locales evadir las configuraciones ACL y ganar privilegios a través de las operaciones del sistema de ficheros estándares (1) durante una ventana de tiempo de remplazo de xattr, relacionado con una condición de carrera o (2) después de intento de remplazo de xattr que falla porque la fecha no encaja. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html http://www.openwall.com/lists/oss-security/2015/03/24/11 http://www.securitytracker.com/id/1032418 https://bugzilla.redhat.com/show_bug.cgi?id=1205079 https://github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. Desbordamiento de buffer basado en pila en la función get_matching_model_microcode en arch/x86/kernel/cpu/microcode/intel_early.c en el kernel de Linux anterior a 4.0 permite a atacantes dependientes de contexto ganar privilegios mediante la construcción de una cabecera de microcódigo manipulada y el aprovechamiento de privilegios root para acceso de escritura al initrd. A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html http://rhn.redhat.com/errata/RHSA-2015-1534.html http://www.openwall.com/lists/oss-security/2015/03/20/18 http://www.securitytracker.com/id/1032414 https://bugzilla.redhat.com/show_bug.cgi?id=1204722 https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 https://access.redha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 1.9EPSS: 0%CPEs: 4EXPL: 0

arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. arch/x86/kernel/entry_64.S en el kernel de Linux anterior a 3.19.2 no impide que el indicador TS_COMPAT llegue a una tarea de modo de usuario, lo que podría permitir a usuarios locales evadir el mecanismo de protección de seccomp o de auditoria a través de una aplicación manipulada que utiliza la llamada de sistema (1) bifurcada o (2) cerrada, tal y como fue demostrado por un ataque sobre seccomp anterior a 3.16. A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=956421fbb74c3a6261903f3836c0740187cf038b http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1137.html http://rhn.redhat.com/errata/RHSA-2015-1138.html http://rhn.redhat.com/errata/RHSA-2015-1221.html http& • CWE-264: Permissions, Privileges, and Access Controls CWE-393: Return of Wrong Status Code •

CVSS: 3.3EPSS: 1%CPEs: 9EXPL: 2

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La función ndisc_router_discovery en net/ipv6/ndisc.c en la implementación de protocolo Neighbor Discovery (ND) en la pila IPv6 en el kernel de Linux anterior a 3.19.6 permite a atacantes remotos reconfigurar una configuración 'hop-limit' a través de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http:&# • CWE-17: DEPRECATED: Code CWE-454: External Initialization of Trusted Variables or Data Stores •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment. include/net/netfilter/nf_conntrack_extend.h en el subsistema netfilter en el kernel de Linux anterior a 3.14.5 utiliza un tipo de datos insuficientemente grande para ciertos datos de extensión, lo que permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y OOPS) a través de trafico de red saliente que provoca la carga de extensiones, tal y como fue demostrado mediante la configuración de un túnel PPTP en un entorno NAT. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279 http://marc.info/?l=netfilter-devel&m=140112364215200&w=2 http://rhn.redhat.com/errata/RHSA-2015-1534.html http://rhn.redhat.com/errata/RHSA-2015-1564.html http://www.debian.org/security/2015/dsa-3237 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5 http://www.openwall.com/lists/oss-security/2015/04/08/1 http://www.oracle.com/te • CWE-841: Improper Enforcement of Behavioral Workflow •