CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2596 – Kernel: kvm: page reference leakage in handle_vmon
https://notcve.org/view.php?id=CVE-2017-2596
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. La función nested_vmx_check_vmptr en arch/x86/kvm/vmx.c en el kernel de Linux hasta la versión 4.9.8 emula indebidamente la instrucción VMXON, lo que permite a usuarios del SO invitado KVM L1 provocar una denegación de servicio (consumo de memoria del SO anfitrión) aprovechando el manejo incorrecto de referencia de páginas. Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS. • http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/01/31/4 http://www.securityfocus.com/bid/95878 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://bugzilla.redhat.com/show_bug.cgi?id=1417812 https://access.redhat.com/security/cve/CVE-2017-2596 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5546
https://notcve.org/view.php?id=CVE-2017-5546
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. La característica de freelist-randomization en mm/slab.c en el kernel 4.8.x de Linux y 4.9.x en versiones anteriores a 4.9.5 permite a usuarios locales provocar una denegación de servicio (entradas freelist duplicadas y caída del sistema) o posiblemente tener otro impacto no especificado en circunstancias oportunistas aprovechando la selección de un valor grande para un número aleatorio. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95711 https://bugzilla.redhat.com/show_bug.cgi?id=1415733 https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10154
https://notcve.org/view.php?id=CVE-2016-10154
The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. La función smbhash en fs/cifs/smbencrypt.c en el kernel de Linux 4.9.x en versiones anteriores a 4.9.1 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, que permite a usuarios locales provocar una denegación de servicio (caída del sistema o corrupción de memoria) o posiblemente tener otro impacto no especificado aprovechando el uso de más de una página virtual para una lista de dispersión . • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06deeec77a5a689cc94b21a8a91a76e42176685d http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95714 https://bugzilla.redhat.com/show_bug.cgi?id=1416104 https://github.com/torvalds/linux/commit/06deeec77a5a689cc94b21a8a91a76e42176685d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-10153
https://notcve.org/view.php?id=CVE-2016-10153
The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. La API criptográfica de la lista de dispersión en el kernel de Linux 4.9.x en versiones anteriores a 4.9.6 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema o corrupción de memoria) o posiblemente tener otro impacto no especificado aprovechando la confianza en el código anterior net/ceph/crypto.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a45f795c65b479b4ba107b6ccde29b896d51ee98 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95713 https://bugzilla.redhat.com/show_bug.cgi?id=1416101 https://github.com/torvalds/linux/commit/a45f795c65b479b4ba107b6ccde29b896d51ee98 • CWE-399: Resource Management Errors •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2583 – Kernel: Kvm: vmx/svm potential privilege escalation inside guest
https://notcve.org/view.php?id=CVE-2017-2583
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. La implementación de load_segment_descriptor en arc/x86/kvm/emulate.c en el kernel de Linux en versiones anteriores a 4.9.5 emula indebidamente una instrucción "MOV SS, NULL selector", lo que permite a usuarios del SO invitado provocar una denegación de servicio (caída del SO invitado) u obteniendo privilegios de SO invitado a través de una aplicación manipulada. Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3 http://www.debian.org/security/2017/dsa-3791 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 http://www.openwall.com/lists/oss-security/2017/01/19/2 http://www.securityfocus.com/bid/95673 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1616 https://bugzilla.redhat.com/show_bug.cgi?id=1414735 https:/ • CWE-250: Execution with Unnecessary Privileges •