Page 591 of 3790 results (0.025 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. La función tipc_nl_compat_link_dump en net/tipc/netlink_compat.c en el kernel de Linux hasta la versión 4.6.3 no copia adecuadamente una cierta cadena, lo que permite a usuarios locales obtener información sensible de la memoria de pila del kernel leyendo un mensaje Netlink. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d2be1422e02ccd697ccfcd45c85b4a26e6178e2 http://www.debian.org/security/2016/dsa-3607 http://www.openwall.com/lists/oss-security/2016/06/03/4 http://www.securityfocus.com/bid/91334 http://www.ubuntu.com/usn/USN-3049-1 http://www.ubuntu.com/usn/USN-3050-1 http://www.ubuntu.com/usn/USN-3051-1 http://www.ubuntu.com/usn/USN-3052-1 http://www.ubuntu.com/usn/USN-3053-1 http:// • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. La función snd_compress_check_input en sound/core/compress_offload.c en el subsistema ALSA en el kernel de Linux en versiones anteriores a 3.17 no comprueba correctamente un desbordamiento de enteros, lo que permite a usuarios locales provocar una denegación de servicio (insuficiente asignación de memoría) o posiblemente tener otros impactos no especificados a través de una llamada SNDRV_COMPRESS_SET_PARAMS ioctl manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://www.debian.org/security/2016/dsa-3616 http://www.securityfocus.com/bid/91510 http://www.securitytracker.com/id/1036189 https://github.com/torvalds/linux/c •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. La función key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versión 4.6.3 no asegura que cierta estructura de datos esté inicializada, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores involucrando un comando keyctl request2 manipulado. A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org • CWE-253: Incorrect Check of Function Return Value •

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. La función rds_inc_info_copy en net/rds/recv.c en el kernel de Linux hasta la versión 4.6.3 no inicializa un cierto miembro de estructura, lo que permite a atacantes remotos obtener información sensible de la memoria de pila del kernel leyendo un mensaje RDS. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. Múltiples desbordamientos de buffer basado en memoria dinámica en la función hiddev_ioctl_usage en drivers/hid/usbhid/hiddev.c en el kernel de Linux hasta la versión 4.6.3 permiten a usuarios locales provocar una denegación de servicio o tener posiblemente otro impacto no especificado a través de una llamada (1) HIDIOCGUSAGES o (2) HIDIOCSUSAGES ioctl manipulada. A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •