CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-11506 – kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-11506
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. La función sr_do_ioctl en drivers/scsi/sr_ioctl.c en el kernel de Linux hasta 4.16.12 permite a los usuarios locales causar una denegación de servicio (desbordamiento de búfer basado en pila) o, posiblemente, provocar otro impacto no especificado debido a que los búferes de sentido tienen diferentes tamaños en la capa de CDROM y en la capa SCSI, tal y como queda demostrado con una llamada ioctl CDROMREADMODE2. The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel allows local users to cause a denial of service via a stack-based buffer overflow or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe https://access.redhat.com/errata/RHSA-2018:2948 https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://twitter.com/efrmv/status/1001574894273007616 https://usn& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 3%CPEs: 3EXPL: 3CVE-2018-11412 – Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption
https://notcve.org/view.php?id=CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. En el kernel de Linux de la versión 4.13 hasta la 4.16.11, ext4_read_inline_data() en fs/ext4/inline.c realiza un memcpy con un valor de longitud no fiable en ciertas circunstancias que implica un sistema de archivos manipulado que almacena el valor de atributo extendido system.data en un nodo dedicado. The fs/ext4/inline.c:ext4_read_inline_data() function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or possible privilege escalation. Linux Kernel versions prior to 4.16.11 suffer from an ext4_read_inline_data() memory corruption vulnerability. • https://www.exploit-db.com/exploits/44832 http://www.securityfocus.com/bid/104291 https://access.redhat.com/errata/RHSA-2019:0525 https://bugs.chromium.org/p/project-zero/issues/detail?id=1580 https://bugzilla.kernel.org/show_bug.cgi?id=199803 https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com/3752-3 https://access.redhat.com/security/cve/CVE-2018-11412 https://bugzilla.redhat.com/show_bug.cgi?id=1582358 • CWE-416: Use After Free CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 2CVE-2018-1120 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). Se ha encontrado un error que afecta al kernel de Linux en versiones anteriores a la 4.17. Al realizar un mmap() sobre un archivo copiado con FUSE en la memoria de un proceso que contiene argumentos de línea de comandos (o cadenas de entorno), un atacante puede hacer que las utilidades de psutils o procps (como ps o w) o cualquier otro programa que realiza una llamada read() a los archivos /proc//cmdline (o /proc//environ) se bloqueen indefinidamente (denegación de servicio) o durante un tiempo determinado (como primitiva de sincronización para otros ataques). By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). • https://www.exploit-db.com/exploits/44806 http://seclists.org/oss-sec/2018/q2/122 http://www.securityfocus.com/bid/104229 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830 https://lists.debian.org/debian-lt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1118 – kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
https://notcve.org/view.php?id=CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. El vhost del kernel de Linux desde la versión 4.8 no inicializa correctamente la memoria en los mensajes que se pasan entre invitados virtuales y el sistema operativo host en la función vhost/vhost.c:vhost_new_msg(). Esto puede permitir que usuarios con privilegios locales lean el contenido de la memoria del kernel al leer del archivo de dispositivo /dev/vhost-net. The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3762-1 https://usn.ubuntu.com/3762-2 https://access.redhat.com/security/cve/CVE-2018-1118 https://bugzilla.redhat.com/show_bug.cgi?id=1573699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1130 – kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
https://notcve.org/view.php?id=CVE-2018-1130
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. El kernel de Linux en versiones anteriores a la 4.16-rc7 es vulnerable a una desreferencia de puntero NULL en la función dccp_write_xmit() en net/dccp/output.c en la que un usuario local puede provocar una denegación de servicio mediante un número de llamadas del sistema manipuladas. A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls. • https://access.redhat.com/errata/RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2 https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian& • CWE-476: NULL Pointer Dereference •