CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2017-16533
https://notcve.org/view.php?id=CVE-2017-16533
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. La función usbhid_parse en drivers/hid/usbhid/hid-core.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. • http://www.securityfocus.com/bid/102026 https://github.com/torvalds/linux/commit/f043bfc98c193c284e2cd768fefabe18ac2fed9b https://groups.google.com/d/msg/syzkaller/CxkJ9QZgwlM/O3IOvAaGAwAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5331
https://notcve.org/view.php?id=CVE-2006-5331
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction. La función altivec_unavailable_exception en arch/powerpc/kernel/traps.c en el kernel de Linux en versiones anteriores a la 2.6.19 en sistemas de 64 bits gestiona de manera incorrecta el caso en el que se define CONFIG_ALTIVEC y la CPU es compatible con Altivec, pero esa compatibilidad no la detecta el kernel, lo que hace que los usuarios locales provoquen una denegación de servicio (pánico) desencadenando la ejecución de una instrucción de Altivec. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c4841c2b6c32a134f9f36e5e08857138cc12b10 http://www.linuxgrill.com/anonymous/kernel/v2.6/ChangeLog-2.6.19 https://bugzilla.suse.com/show_bug.cgi?id=213229 https://github.com/torvalds/linux/commit/6c4841c2b6c32a134f9f36e5e08857138cc12b10 • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15951
https://notcve.org/view.php?id=CVE-2017-15951
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. El subsistema KEYS en el kernel de Linux en versiones anteriores a la 4.13.10 no sincroniza correctamente las acciones de actualización con las de detección de una clave en el estado "negative" para evitar una condición de carrera, lo que permite que los usuarios locales provoquen una denegación de servicio (DoS) o, posiblemente, cause otro impacto no especificado mediante llamadas al sistema manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=363b02dab09b3226f3bd1420dad9c72b79a42a76 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10 http://www.securityfocus.com/bid/101621 https://github.com/torvalds/linux/commit/363b02dab09b3226f3bd1420dad9c72b79a42a76 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 7CVE-2017-5123 – Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-5123
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. Una comprobación de datos insuficiente en waitid permitía a un usuario escapar de los sandbox en Linux • https://www.exploit-db.com/exploits/43127 https://www.exploit-db.com/exploits/43029 https://github.com/c3r34lk1ll3r/CVE-2017-5123 https://github.com/0x5068656e6f6c/CVE-2017-5123 https://github.com/FloatingGuy/CVE-2017-5123 https://github.com/teawater/CVE-2017-5123 https://github.com/h1bAna/CVE-2017-5123 https://crbug.com/772848 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96ca579a1ecc943b75beba58bebb0356f6cc4b51 https://security.netapp.com/adviso • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15649 – Linux Kernel - 'AF_PACKET' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-15649
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a una gestión incorrecta de las estructuras de datos packet_fanout. Esto se debe a una condición de carrera (que afecta a fanout_add y packet_do_bind) que da lugar a un uso de memoria previamente liberada. Esta vulnerabilidad es diferente de CVE-2017-6346. It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. • https://www.exploit-db.com/exploits/44053 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e http://patchwork.ozlabs.org/patch/813945 http://patchwork.ozlabs.org/patch/818726 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6 http://www.securityfocus.com/bid/101573 https://access.redhat.com/errata/RHSA- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •