Page 558 of 2884 results (0.019 seconds)

CVSS: 4.7EPSS: 0%CPEs: 16EXPL: 0

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c. El kernel de Linux hasta 3.14.5 no considera debidamente la presencia de entradas hugetlb, lo que permite a usuarios locales causar una denegación de servicio (corrupción de memoria o caída de sistema) mediante el acceso a ciertas localizaciones de memoria, tal y como fue demostrado mediante el aprovechamiento de una condición de carrera a través de operaciones de lectura numa_maps durante la migración a hugepage, relacionado con fs/proc/task_mmu.c y mm/mempolicy.c. A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. • http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-1272.html http://secunia.com/advisories/59011 http://secunia.com/advisories/61310 http://www.openwall.com/lists/oss-security/2014/06/02/5 http://www.securityfocus.com/bid/67786 https://bugzilla.redhat.com/show_bug.cgi?id=1104097 https://lkml.org/lkml/2014/3/18/784 https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html https://access.redhat.com/se • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. Las implementaciones de extensión (1) BPF_S_ANC_NLATTR y (2) BPF_S_ANC_NLATTR_NEST en la función sk_run_filter en net/core/filter.c en el kernel de Linux hasta 3.14.3 no comprueban si un valor de cierta longitud es lo suficientemente grande, lo que permite a usuarios locales causar una denegación de servicio (subdesbordamiento de enteros y caída de sistema) a través de instrucciones BPF manipuladas. NOTA: el código afectado fue trasladado a las funciones __skb_get_nlattr y __skb_get_nlattr_nest antes de anunciar la vulnerabilidad. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 http://linux.oracle.com/errata/ELSA-2014-3052.html http://secunia.com/advisories/58990 http://secunia.com/advisories/59311 http://secunia.com/advisories/59597 http://secunia.com/advisories/60613 http://www.debian.org/security/2014/dsa-2949 http://www.openwall.com/lists/oss-security/2014/05/09/6 http://www.securityfocus.com/bid/67309 http://www.ubuntu. • CWE-190: Integer Overflow or Wraparound •

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. La función try_to_unmap_cluster en mm/rmap.c en el kernel de Linux anterior a 3.14.3 no considera debidamente que páginas deben cerrarse, lo que permite a usuarios locales causar una denegación de servicio (caída de sistema) mediante la provocación de una pauta de uso de memoria que requiere la eliminación de asignaciones de tablas de páginas. It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Managment subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57e68e9cd65b4b8eb4045a1e0d0746458502554c http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.debian.org/security/2014/dsa-2926 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.3 http://www.openwall.com/lists/oss-security/2014/05/01/7 http://www.securityfocus.com/bid/67162 http://www.ubuntu.com/usn/USN-2240-1 https://bugzilla.redhat.com/show_bu • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. La implementación de extensión BPF_S_ANC_NLATTR_NEST en la función sk_run_filter en net/core/filter.c en el kernel de Linux hasta 3.14.3 utiliza el orden inverso en cierta resta, lo que permite a usuarios locales causar una denegación de servicio (sobrelectura y caída de sistema) a través de instrucciones BPF manipuladas. NOTA: el código afectado fue trasladado a la función __skb_get_nlattr_nest antes de anunciar la vulnerabilidad. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 http://linux.oracle.com/errata/ELSA-2014-3052.html http://secunia.com/advisories/58990 http://secunia.com/advisories/59311 http://secunia.com/advisories/59597 http://secunia.com/advisories/60613 http://www.debian.org/security/2014/dsa-2949 http://www.openwall.com/lists/oss-security/2014/05/09/6 http://www.securityfocus.com/bid/67321 http://www.securitytra • CWE-125: Out-of-bounds Read •

CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. La función raw_cmd_copyin en drivers/block/floppy.c en el kernel de Linux hasta 3.14.3 no maneja debidamente condiciones de error durante el procesado de una llamada FDRAWCMD ioctl, lo que permite a usuarios locales provocar operaciones kfree y ganar privilegios mediante el aprovechamiento de acceso de escritura hacia un dispositivo /dev/fd. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c http://linux.oracle.com/errata/ELSA-2014-0771.html http://linux.oracle.com/errata/ELSA-2014-3043.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html http://rhn.redhat.com/errata/RHSA-2014-0800.html http://rhn.redhat.com/errata/RHSA-2014-0801.html http://secunia.com • CWE-754: Improper Check for Unusual or Exceptional Conditions •