Page 557 of 2842 results (0.018 seconds)

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1

Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. Vulnerabilidad de consumo de pila en la función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux hasta 3.16.1 permite a usuarios locales causar una denegación de servicio (recursividad sin control y caída o reinicio del sistema) a través de un imagen iso9660 manipulado con una entrada CL que se refiere a una entrada del directorio que tiene una entrada CL. It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.in • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. La función kvm_iommu_map_pages en virt/kvm/iommu.c en el kernel de Linux hasta 3.16.1 calcula erróneamente el número de las páginas durante el manejo de un fallo en las asignaciones, lo que permite a usuarios del sistema operativo invitado (1) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) o posiblemente tener otro impacto no especificado mediante la provocación de un valor gfn grande o (2) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) mediante la provocación de un valor gfn pequeño que conduce a páginas fijadas (pinned) permanentemente. A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://secunia.com/advisories/60830 http://www.securityfocus.com/bid/69489 http://www.ubuntu.com/usn/USN-2356-1 http://www.ubuntu.com/usn/USN-2357&# • CWE-189: Numeric Errors •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 3

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. fs/namespace.c en el kernel de Linux hasta 3.16.1 no restringe debidamente la limpieza MNT_NODEV, MNT_NOSUID, y MNT_NOEXEC y el cambio MNT_ATIME_MASK durante un remontaje de un montaje bind, lo que permite a usuarios locales ganar privilegios, interferir con copias de seguridad y auditoria en sistemas que tenían atime habilitado, o causar una denegación de servicio (la actualización excesiva de sistemas de ficheros) en sistemas que tenían atime deshabilitado a través de un comando 'mount -o remount' dentro de un espacio para el nombre del usuario. • https://www.exploit-db.com/exploits/34923 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705 http://osvdb.org/show/osvdb/110055 http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html http://seclists.org/oss-sec/2014/q3/352 http://www.exploit-db.com/exploits/34923 http://www.openwall.com/lists/oss-security/2014/08/13/4 http://www.securityfocus.com/bid/69216 http:/& • CWE-269: Improper Privilege Management •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace. La función do_remount en fs/namespace.c en el kernel de Linux hasta 3.16.1 no mantiene el bit MNT_LOCK_READONLY durante el remontaje de un montaje bind, lo que permite a usuarios locales evadir las restricciones de sólo lectura y vencer ciertos mecanismos de protección sandbox a través de un comando 'mount -o remount' dentro de un espacio para el nombre del usuario. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6138db815df5ee542d848318e5dae681590fccd http://www.openwall.com/lists/oss-security/2014/08/13/4 http://www.securityfocus.com/bid/69214 http://www.ubuntu.com/usn/USN-2317-1 http://www.ubuntu.com/usn/USN-2318-1 https://bugzilla.redhat.com/show_bug.cgi?id=1129662 https://github.com/torvalds/linux/commit/a6138db815df5ee542d848318e5dae681590fccd • CWE-269: Improper Privilege Management •

CVSS: 7.1EPSS: 2%CPEs: 16EXPL: 0

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. La función sctp_assoc_update en net/sctp/associola.c en el kernel de Linux hasta 3.15.8, cuando la autenticación SCTP está habilitada, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y OOPS) mediante el inicio del establecimiento de una asociación entre dos endpoints inmediatamente después de un intercambio de fragmentos INIT y INIT ACK para establecer una asociación anterior entre estos endpoints en la dirección opuesta. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://rhn.redhat.com/errata/RHSA-2014-1083.html http://rhn.redhat.com/errata/RHSA-2014-1668.html http://rhn.redhat.com/errata/RHSA-2014-1763.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60430 h • CWE-476: NULL Pointer Dereference •