Page 609 of 3164 results (0.019 seconds)

CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 1

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. La implementación de userfaultfd en el kernel de Linux en versiones anteriores a la 4.17 gestiona de manera incorrecta para ciertas llamadas ioctl UFFDIO_, tal y como queda demostrado al permitir que usuarios locales escriban datos en huecos en un archivo tmpfs (si el usuario tiene acceso de solo lectura a dicho archivo que contiene huecos). Esto está relacionado con fs/userfaultfd.c y mm/userfaultfd.c. A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0202 https://access.redhat.com/errata/RHSA-2019:0324 https://access.redhat.com/errata/RHSA-2019:0831 https://bugs.chromium.org/p/project-zero/issues/detail?id=1700 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87& • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •

CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.19.3. crypto_report_one() y otras funciones relacionadas en crypto/crypto_user.c (la API de configuración de usuarios crypto) no inicializan completamente las estructuras que se copian en el espacio de usuario, lo que podría filtrar memoria sensible a los programas del usuario. NOTA: esta es una regresión de CVE-2013-2547, pero con una explotabilidad más sencilla. Esto se deba a que el atacante no necesita una capacidad (sin embargo, el sistema debe tener la opción de kconfig CONFIG_CRYPTO_USER). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43f39958beb206b53292801e216d9b8a660f087 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://github.com/torvalds/linux/commit/f43f39958beb206b53292801e216d9b8a660f087 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.3 https://usn.ubuntu.com/3872-1 https://usn.ubuntu.com/3878-1 https://usn.ubuntu.com/3878-2 https://usn.ubuntu.com/3901-1 https:/&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. En el kernel de Linux hasta la versión 4.19.6, un usuario local podría explotar memoria previamente liberada en el controlador ALSA suministrando un dispositivo de sonido USB malicioso (con cero interfaces) que no se maneja correctamente en usb_audio_probe en sound/usb/card.c. A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system. • http://www.securityfocus.com/bid/106109 https://access.redhat.com/errata/RHSA-2019:2703 https://bugzilla.suse.com/show_bug.cgi?id=1118152 https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian- • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0

The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. El kernel de Linux en versiones anteriores a la 4.15-rc8 era vulnerable a un error de desreferencia de puntero NULL en la función __netlink_ns_capable() en el archivo net/netlink/af_netlink.c. Un atacante local podría explotarlo cuando un espacio de nombres de red con un netnsid se asigne para provocar un kernel de pánico y ataque de denegación de servicio (DoS). The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. • https://access.redhat.com/errata/RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2018:3843 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee https://marc.info/?l=linux-netdev&m=151500466401174&w=2 https://access.redhat.com/security/cve/CVE-2018-14646 https://bugzilla.redhat.com/show_bug.cgi?id=1630124 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. La función vcpu_scan_ioapic en arch/x86/kvm/x86.c en el kernel de Linux hasta la versión 4.19.2 permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULLy error) mediante llamadas del sistema manipuladas que alcanzan una situación donde ioapic no está inicializado. • http://www.securityfocus.com/bid/105987 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lkml.org/lkml/2018/11/20/580 https://usn.ubuntu.com/3871-1 https://usn.ubuntu.com/3871-3 https://usn.ubuntu.com/3871-4 https://usn.ubuntu.com/3871-5 https://usn.ubuntu.com/3872-1 https://usn.ubuntu.com/3878-1 https://usn.ubuntu.com/3878-2 https://usn.ubuntu.com/3879-1 https://usn.ubuntu.com/3879-2 • CWE-476: NULL Pointer Dereference •