CVE-2017-15129 – kernel: net: double-free and memory corruption in get_net_ns_by_id()
https://notcve.org/view.php?id=CVE-2017-15129
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. Se ha descubierto una vulnerabilidad en los nombres de espacio de red que afecta al kernel de Linux en versiones anteriores a la 4.14.11. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0 http://seclists.org/oss-sec/2018/q1/7 http://www.securityfocus.com/bid/102485 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/security/cve/CVE-2017-15129 https://bugzilla.redhat.com/show_bug.cgi& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-16646
https://notcve.org/view.php?id=CVE-2017-16646
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. drivers/media/usb/dvb-usb/dib0700_devices.c en el kernel de Linux, en versiones hasta la 4.13.11, permite que los usuarios locales provoquen una denegación de servicio (error y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante un dispositivo USB manipulado. • http://www.securityfocus.com/bid/101846 https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ https://patchwork.linuxtv.org/patch/45291 https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 • CWE-476: NULL Pointer Dereference •
CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones anteriores a la 4.14.8 no valida que el algoritmo de hash criptográfico subyacente no tenga clave, lo que permite que un atacante local capaz de utilizar la interfaz hash basada en AF_ALG (CONFIG_CRYPTO_USER_API_HASH) y el algoritmo hash basado en SHA-3 (CONFIG_CRYPTO_SHA3) provoque un desbordamiento de búfer de pila de kernel ejecutando una secuencia manipulada de llamadas al sistema para encontrar una inicialización SHA-3 ausente. The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://www.securityfocus. • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. • http://www.openwall.com/lists/oss-security/2017/12/04/2 http://www.securityfocus.com/bid/102038 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/security/cve/cve-2017-1000407 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2017-17807 – kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission
https://notcve.org/view.php?id=CVE-2017-17807
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.14.6 omitía una comprobación de control de acceso cuando se agregaba una clave al "llavero de acceso por defecto" de la tarea actual mediante la llamada al sistema request_key(), permitiendo a un usuario local utilizar una secuencia de llamadas de sistema manipuladas para añadir claves a un llavero solo con permiso de búsqueda (no de escritura) a ese llavero. Esto está relacionado con construct_get_dest_keyring() en security/keys/request_key.c. The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b http://www.securityfocus.com/bid/102301 https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3617-1 https://usn.ubuntu.com/3617-2 https://usn.ubuntu.com/3617-3 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3620 • CWE-862: Missing Authorization •