Page 561 of 2909 results (0.017 seconds)

CVSS: 5.0EPSS: 4%CPEs: 8EXPL: 0

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. La función sctp_association_free en net/sctp/associola.cen en el kernel de Linux anterior a 3.15.2 no gestiona debidamente cierto valor de backlogs, lo que permite a atacantes remotos causar una denegación de servicio (interrupción del socket) mediante un paquete SCTP manipulado. An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d3217b15a19a4779c39b212358a5c71d725822ee http://linux.oracle.com/errata/ELSA-2014-3068.html http://linux.oracle.com/errata/ELSA-2014-3069.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://secunia.com/advisories/59777 http://secunia&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value. Error en el índice del array en la función aio_read_events_ring en fs/aio.c en el kernel de Linux hasta 3.15.1 permite a usuarios locales obtener información sensible de la memoria del kernel a través de un valor de cabecera grande. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=edfbbf388f293d70bf4b7c0bc38774d05e6f711a http://secunia.com/advisories/59278 http://www.securityfocus.com/bid/68176 http://www.securitytracker.com/id/1030479 http://www.securitytracker.com/id/1038201 https://bugzilla.redhat.com/show_bug.cgi?id=1094602 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edfbbf388f29 https://github.com/torvalds/linux/commit/edfbbf388f293d70bf4b7c0bc38774d05e6f711a http •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. mm/shmem.c en el kernel de Linux hasta 3.15.1 no implementa debidamente la interacción entre la notificación del rango y la creación de agujeros, lo que permite a usuarios locales causar una denegación de servicio (apropiación del i_mutex) mediante la llamada de sistema mmap para acceder a un agujero, tal y como fue demostrado mediante la interferencia con la actividad shmem intencionada a través del bloqueo del completado de (1) una llamada MADV_REMOVE madvise o (2) una llamada FALLOC_FL_PUNCH_HOLE fallocate. A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2 http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch http://rhn.redhat.com/errata/RHSA-2014-1318.html http://rhn.redhat.com/errata/RHSA-2015-0102.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http& •

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 1

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. La función media_device_enum_entities en drivers/media/media-device.c en el kernel de Linux anterior a 3.14.6 no inicializa cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel mediante el aprovechamiento del acceso a lectura /dev/media0 para una llamada MEDIA_IOC_ENUM_ENTITIES ioctl. An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes. • https://www.exploit-db.com/exploits/39214 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://secunia.com/advisories/59597 http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. arch/x86/kernel/entry_32.S en el kernel de Linux hasta 3.15.1 en plataformas de 32-bit x86, cuando la auditoria de llamadas de sistema está habilitada y la etiqueta de la funcionalidad de la CPU sep está configurada, permite a usuarios locales causar una denegación de servicio (OOPS y caída del sistema) a través de un número de llamada de sistema inválido, tal y como fue demostrado por el número 1000. A flaw was found in the Linux kernel’s system-call auditing support(CONFIG_AUDITSYSCALL) for 32-bit platforms. It is vulnerable to a crash caused by erroneous handling of bad system call numerals. This issue occurs during syscall(2) calls if system-call auditing is enabled on the system. This flaw allows an unprivileged user or process to crash the system kernel, resulting in a denial of service. • http://article.gmane.org/gmane.linux.kernel/1726110 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://openwall.com/lists/oss-security/2014/06/20/1 http://secunia.com/advisories/58964 http://secunia.com/advisories/60564 http://www.openwall.com/lists/oss-security/2014/06/20/10 http://www.openwall.com&# • CWE-189: Numeric Errors CWE-391: Unchecked Error Condition •