Page 574 of 4734 results (0.018 seconds)

CVSS: 7.6EPSS: 0%CPEs: 11EXPL: 0

The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. La función regulator_ena_gpio_free en drivers/regulator/core.c en el kernel de Linux anterior a la versión 3.19 permite a usuarios locales elevar sus privilegios o provocar una denegación de servicio (uso después de liberación) a través de una aplicación especialmente diseñada para aprovechar el fallo. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/98195 https://github.com/torvalds/linux/commit/60a2362f769cf549dc466134efe71c8bf9fbaaba https://source.android.com/security/bulletin/2017-05-01 • CWE-416: Use After Free •

CVSS: 10.0EPSS: 90%CPEs: 8EXPL: 0

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. Las implementaciones de los servidores NFSv2 y NFSv3 en versiones del kernel de Linux 4.10.13 y anteriores, no realizan ciertas comprobaciones de la parte final de un búfer lo que permitiría a atacantes remotos desencadenar errores de aritmética de punteros o provocar otro impacto inespecífico a través de peticiones especialmente diseñadas. Relacionado con fs/nfsd/nfs3xdr.c y fs/nfsd/nfsxdr.c. The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. • http://www.debian.org/security/2017/dsa-3886 http://www.securityfocus.com/bid/98085 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1715 https://access.redhat.com/errata/RHSA-2017:1723 https://access.redhat.com/errata/RHSA-2017:1766 https://access.redhat.com/errata/RHSA-2017:1798 https://access.redhat.com/errata/RHSA-2017:2412 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. Un desbordamiento de buffer basado en memoria dinámica en drivers/net/macsec.c del módulo MACsec en el kernel del Linux hasta la versión 4.10.12, permitiría a los atacantes causar una denegación de servicio u otro tipo de impacto no especificado al aprovechar el uso de la propiedad MAX_SKB_FRAGS+1 junto con la propiedad NETIF_F_FRAGLIST, provocando un error en la función skb_to_sgvec. A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. • http://www.securityfocus.com/bid/98014 http://www.securitytracker.com/id/1038500 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://bugzilla.redhat.com/show_bug.cgi?id=1445207 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5294b83086cc1c35b4efeca03644cf9d12282e5b https://access.redhat.com/security/cve • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 64EXPL: 0

The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer. La función handle_invept de arch/x86/kvm/vmx.c del Kernel de Linux, versiones 3.12 a 3.15, permite a los usuarios privilegiados del sistema operativo huésped de KVM causar una denegación de servicio (referencia a puntero nulo y caída del sistema operativo anfitrión) a través de una instrucción single-context INVEPT con puntero EPT nulo. • https://bugzilla.kernel.org/show_bug.cgi?id=195167 https://launchpad.net/bugs/1678676 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value. La función video_usercopy en drivers/media/video/v4l2-ioctl.c en el kernel de Linux en versiones anteriores a 2.6.39 se basa en el valor de conteo de una estructura de datos v4l2_ext_controls para determinar un tamaño de kmalloc, lo que podría permitir a usuarios locales causar una denegación de servicio (consumo de memoria) a través de un gran valor. • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 http://www.openwall.com/lists/oss-security/2015/02/08/4 http://www.securityfocus.com/bid/97986 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc0a80798576f80ca10b3f6c9c7097f12fd1d64e https://github.com/torvalds/linux/commit/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e • CWE-399: Resource Management Errors •