CVE-2018-7757 – kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c
https://notcve.org/view.php?id=CVE-2018-7757
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. Filtrado de memoria en la función sas_smp_get_phy_events en drivers/scsi/libsas/sas_expander.c en el kernel de Linux, hasta la versión 4.15.7, permite que usuarios locales provoquen una denegación de servicio (consumo de memoria) mediante numerosos accesos de lectura a archivos en el directorio /sys/class/sas_phy, tal y como demuestra el archivo /sys/class/sas_phy/phy-1:0:12/invalid_dword_count. Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 http://www.securityfocus.com/bid/103348 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3654-1 https://usn.ubuntu. • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-7755 – kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2018-7755
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. Se descubrió un fallo de seguridad en la función fd_locked_ioct en drivers/block/floppy.c en el kernel de Linux hasta la versión 4.15.7. La unidad de disquete copiará un puntero kernel a la memoria del usuario en respuesta a la llamada IOCTL FDGETPRM. • https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://lkml.org/lkml/2018/3/7/1116 https://usn.ubuntu.com/3695-1 https://usn.ubuntu.com/3695-2 https://usn.ubuntu.com/3696-1 https://usn.ubuntu.com/3696-2 https://usn.ubuntu.com/3697-1 https://usn.ubuntu.com/3697-2 https://usn.ubuntu.com/3698-1 https://usn.ubuntu.com/369 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-7740 – kernel: Denial of service in resv_map_release function in mm/hugetlb.c
https://notcve.org/view.php?id=CVE-2018-7740
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. La función resv_map_release en mm/hugetlb.c en el kernel de Linux hasta la versión 4.15.7 permite que usuarios locales provoquen una denegación de servicio (error) mediante una aplicación manipulada que realiza llamadas del sistema mmap y tiene un argumento grande pgoff en la llamada del sistema remap_file_pages. The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. • http://www.securityfocus.com/bid/103316 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199037 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3910-1 https://usn.ubuntu.com/3910-2 https://www.debian.org/security/2018/dsa-4187 https://www.debian.org/security/2018/dsa-4188 https://access.redhat.com/security/cve/CVE-2018-7740 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-18216
https://notcve.org/view.php?id=CVE-2017-18216
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. En fs/ocfs2/cluster/nodemanager.c en el kernel de Linux, en versiones anteriores a la 4.15, los usuarios locales pueden provocar una denegación de servicio (desreferencia de puntero NULL y error) debido a que no se emplea un mutex requerido. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=853bc26a7ea39e354b9f8889ae7ad1492ffa28d2 http://www.securityfocus.com/bid/103278 https://github.com/torvalds/linux/commit/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3776-1 https://usn.ubuntu.com/3776-2 https://usn.ubuntu.com/3798-1 https://usn.ubuntu.com/3798-2 https://www.debian.org/security/2018/dsa-4187 https://www.d • CWE-476: NULL Pointer Dereference •
CVE-2018-1065 – kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash
https://notcve.org/view.php?id=CVE-2018-1065
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. El subsistema netfilter en el kernel de Linux, hasta la versión 4.15.7, gestiona de manera incorrecta el caso de una regla blob que contiene un salto pero carece de una cadena definida por el usuario. Esto permite que usuarios locales provoquen una denegación de servicio (DoS) aprovechando las capacidades CAP_NET_RAW o CAP_NET_ADMIN, relacionadas con arpt_do_table en net/ipv4/netfilter/arp_tables.c, ipt_do_table en net/ipv4/netfilter/ip_tables.c y ip6t_do_table en net/ipv6/netfilter/ip6_tables.c. A flaw was found in the netfilter/iptables subsystem. A user with the netfilter modification capabilities could insert a rule which could panic the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8 http://lists.openwall.net/netdev/2018/01/27/46 http://patchwork.ozlabs.org/patch/870355 http://www.securitytracker.com/id/1040446 https://access.redhat.com/errata/RHSA-2018:2948 https://bugzilla.redhat.com/show_bug.cgi?id=1547824 https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8 https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https: • CWE-476: NULL Pointer Dereference •