CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10940 – kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
https://notcve.org/view.php?id=CVE-2018-10940
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. La función cdrom_ioctl_media_changed en drivers/cdrom/cdrom.c en el kernel de Linux en versiones anteriores a la 4.16.6 permite que atacantes locales empleen una comprobación de límites incorrecta en el ioctl CDROM_MEDIA_CHANGED del controlador CDROM para leer la memoria del kernel. A flaw was found in the Linux kernel, before 4.16.6 where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 http://www.securityfocus.com/bid/104154 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.0EPSS: 0%CPEs: 24EXPL: 0CVE-2018-1087 – Kernel: KVM: error in exception handling leads to wrong debug stack value
https://notcve.org/view.php?id=CVE-2018-1087
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. kernel KVM en versiones anteriores al kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 y kernel 4.17-rc3 es vulnerable a un error en la forma en la que el hipervisor KVM del kernel de Linux gestiona las excepciones lanzadas tras una operación de cambio de pila mediante instrucciones Mov SS o Pop SS. Durante la operación de cambio de pila, el procesador no lanzó interrupciones y excepciones, sino que las lanza una vez se ha ejecutado la primera instrucción tras el cambio de pila. Un usuario invitado sin privilegios de KVM podría usar este error para provocar el cierre inesperado del guest o escalar sus privilegios en el guest. • http://www.openwall.com/lists/oss-security/2018/05/08/5 http://www.securityfocus.com/bid/104127 http://www.securitytracker.com/id/1040862 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:1524 https://access.redhat.com/security/vulnerabili • CWE-250: Execution with Unnecessary Privileges •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1108 – Linux RNG Flaws
https://notcve.org/view.php?id=CVE-2018-1108
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. Los controladores de kernel, en versiones anteriores a la 4.17-rc1, son vulnerables a una debilidad en la implementación del kernel de Linux de datos de semilla aleatorios. Los programas, en un estado de arranque temprano, podrían emplear los datos asignados a la semilla antes de que se haya generado lo suficiente. There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. • http://www.securityfocus.com/bid/104055 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://usn.ubuntu.com/3718-1 https://usn.ubuntu.com/3718-2 https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com/3752-3 https://www.debian.org/security/2018/dsa-4188 • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-10323
https://notcve.org/view.php?id=CVE-2018-10323
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. La función xfs_bmap_extents_to_btree en fs/xfs/libxfs/xfs_bmap.c en el kernel de Linux, hasta la versión 4.16.3, permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL en xfs_bmapi_write) mediante una imagen xfs manipulada. • http://www.securityfocus.com/bid/103959 https://bugzilla.kernel.org/show_bug.cgi?id=199423 https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com/3752-3 https://usn.ubuntu.com/3754-1 https://usn.ubuntu.com/4486-1 https://www.debian.org/security/2018/dsa-4188 https://www.spinics.net/lists/linux-xfs/msg17254.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-10322 – kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service
https://notcve.org/view.php?id=CVE-2018-10322
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. La función xfs_dinode_verify en fs/xfs/libxfs/xfs_inode_buf.c en el kernel de Linux, hasta la versión 4.16.3, permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero inválido en xfs_ilock_attr_map_shared) mediante una imagen xfs manipulada. The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted xfs filesystem image to cause a kernel panic and thus a denial of service. • http://www.securityfocus.com/bid/103960 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199377 https://usn.ubuntu.com/4578-1 https://usn.ubuntu.com/4579-1 https://www.spinics.net/lists/linux-xfs/msg17215.html https://access.redhat.com/security/cve/CVE-2018-10322 https://bugzilla.redhat.com/show_bug.cgi?id=1571623 • CWE-476: NULL Pointer Dereference •