Page 573 of 2913 results (0.015 seconds)

CVSS: 4.9EPSS: 0%CPEs: 32EXPL: 0

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Xen 3.3.x hasta la versión 4.5.x y en el kernel de Linux hasta la versión 3.19.1 no restringe adecuadamente el acceso al registro de comandos PCI, lo que podría permitir a usuarios locales del SO invitados provocar una denegación de servicio (interrupción no enmascarable y caída del host) deshabilitando (1) la memoria o (2) la descodificación I/O para un dispositivo PCI Express posteriormente accediendo al dispositivo, lo que desencadena una respuesta Unsupported Request (UR). • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html http • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 0

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. La implementación InfiniBand (IB) en el paquete del kernel de Linux anterior a 2.6.32-504.12.2 en Red Hat Enterprise Linux (RHEL) 6 no restringe adecuadamente el uso de User Verbs para el registro de regiones de memoria, lo que permite a usaurios locales acceder de forma arbitraria a ubicaciones de la memoria física, y consecuentemente causar una denegación de servicio (caída del sistema) u obtener privilegios, aprovechando permisos en un dispositivo uverbs bajo /dev/infiniband/. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg0001 • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. Condición de carrera en la función handle_to_path en fs/fhandle.c en el Kernel de Linux a través de 3.19.1 permite a usuarios locales evadir las restricciones del tamaño y lanzar operaciones de lectura en ubicaciones de memoria adicionales cambiando el valor de handle_bytes del manejador del archivo durante la ejecución de su función. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://marc.info/?l=linux-kernel&m=142247707318982&w=2 http://www.debian.org/security/2015/dsa-3170 http://www.openwall • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 10.0EPSS: 5%CPEs: 12EXPL: 0

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. Vulnerabilidad de uso después de liberación en la función sctp_assoc_update en net/sctp/associola.c en el Kernel de Linux anterior a 3.18.8 permite a atacantes remotos causar una denegación de servicio (corrupción de bloque y pánico) o la posibilidad de tener otro impacto no especificado mediante la provocación de una colisión INIT que lleva al manejo inadecuado de datos de shared-key. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=600ddd6825543962fb807884169e57b580dba208 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-0726.html http://rhn.redhat.com/errata/RHSA-2015-0751.html http://rhn.redhat.com/errata/RHSA-2015-0782.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://rhn.redhat. • CWE-416: Use After Free •

CVSS: 3.6EPSS: 0%CPEs: 4EXPL: 0

Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. Error de superación de límite (off-by-one) en la función ecryptfs_decode_from_filename en fs/ecryptfs/crypto.c en el subsistema eCryptfs en el kernel de Linux anterior a 3.18.2 permite a usuarios locales causar una denegación de servicio (desbordamiento de buffer y caída del sistema) o posiblemente ganar privilegios a través de un nombre de fichero manipulado. A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=942080643bce061c3dd9d5718d3b745dcb39a8bc http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1272.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/02/17/9 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •