CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0650
https://notcve.org/view.php?id=CVE-2017-0650
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278. • http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0651
https://notcve.org/view.php?id=CVE-2017-0651
An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. • http://www.securityfocus.com/bid/98875 http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9605
https://notcve.org/view.php?id=CVE-2017-9605
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. La función vmw_gb_surface_define_ioctl (accesible mediante DRM_IOCTL_VMW_GB_SURFACE_CREATE) eb drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el Kernel de Linux hasta la 4.11.4 define una variable backup_handle pero no da un valor inicial. Si uno intenta crear una superficie GB, con una colocación previa del buffer DMA va ser usado como un buffer backup, la variable backup_handle no consigue escritura, y después es devuelto al espacio de usuario, permitiendo a los usuarios locales obtener información sensible de la memoria del kernel no inicializada mediante la manipulación de la llamada ioctl. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07678eca2cf9c9a18584e546c2b2a0d0c9a3150c http://www.debian.org/security/2017/dsa-3927 http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/99095 https://github.com/torvalds/linux/commit/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2016-9604 – kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user
https://notcve.org/view.php?id=CVE-2016-9604
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. Se ha descubierto en el kernel de Linux en versiones anteriores a la 4.11-rc8 que root puede obtener acceso directo a un keyring interno, como ".dns_resolver" en RHEL-7 o el upstream ".builtin_trusted_keys" uniéndose a él como su keyring de sesión. Esto permite que root omita la verificación de firmas del módulo añadiendo una nueva clave pública de su propia elaboración al keyring. It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. • http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html http://www.securityfocus.com/bid/102135 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.novell.com/show_bug.cgi?id=1035576 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2 • CWE-347: Improper Verification of Cryptographic Signature CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9242 – kernel: Incorrect overwrite check in __ip6_append_data()
https://notcve.org/view.php?id=CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. La función __ip6_append_data en el archivo net/ipv6/ip6_output.c en el kernel de Linux hasta versión 4.11.3, es demasiado tardía para comprobar si se puede sobrescribir una estructura de datos skb, lo que permite a los usuarios locales causar una denegación de servicio (bloqueo del sistema) por medio de unas llamadas de sistema diseñadas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a http://www.debian.org/security/2017/dsa-3886 http://www.securityfocus.com/bid/98731 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a https://patchwork.ozlabs.org/patch/764880 https://access.redhat.com/security/cve/CVE-2017-9242 https://bugzilla.redhat.com/ • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •