CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-14497
https://notcve.org/view.php?id=CVE-2017-14497
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. La función tpacket_rcv en net/packet/af_packet.c en el kernel de Linux en versiones anteriores a la 4.13 no gestiona correctamente cabeceras vnet, lo que podría permitir que usuarios locales provoquen una denegación de servicio (desbordamiento de búfer y corrupción de disco y de memoria) o, posiblemente, provoquen otro impacto sin especificar mediante llamadas del sistema manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edbd58be15a957f6a760c4a514cd475217eb97fd http://seclists.org/oss-sec/2017/q3/476 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100871 http://www.securitytracker.com/id/1039371 http://www.securitytracker.com/id/1040106 https://bugzilla.redhat.com/show_bug.cgi?id=1492593 https://github.com/torvalds/linux/commit/edbd58be15a957f6a760c4a514cd475217eb97fd https://marc.info/?l=linux-kernel&m&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14340 – kernel: xfs: unprivileged user kernel oops
https://notcve.org/view.php?id=CVE-2017-14340
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. La macro XFS_IS_REALTIME_INODE en fs/xfs/xfs_linux.h en el kernel de Linux en versiones anteriores a la 4.13.2 no verifica que un sistema de archivos tenga un dispositivo realtime, lo que permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y OOPS) mediante vectores relacionados con la configuración de una marca RHINHERIT en un directorio. A flaw was found where the XFS filesystem code mishandles a user-settable inode flag in the Linux kernel prior to 4.14-rc1. This can cause a local denial of service via a kernel panic. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc http://seclists.org/oss-sec/2017/q3/436 http://www.debian.org/security/2017/dsa-3981 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2 http://www.securityfocus.com/bid/100851 https://access.redhat.com/errata/RHSA-2017:2918 https://bugzilla.redhat.com/show_bug.cgi?id=1491344 https://github.com/torvalds/linux/commit/b31ff3cdf540110da4572e3e29bd172087af65cc https:&# • CWE-391: Unchecked Error Condition CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14489 – Linux Kernel < 4.14.rc3 - Local Denial of Service
https://notcve.org/view.php?id=CVE-2017-14489
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. La función iscsi_if_rx en drivers/scsi/scsi_transport_iscsi.c en el kernel de Linux hasta la versión 4.13.2 permite que usuarios locales provoquen una denegación de servicio (pánico) aprovechando que se realiza una validación de longitud incorrecta. Linux kernel versions prior to 4-14-rc3 suffer from a local denial of service vulnerability. • https://www.exploit-db.com/exploits/42932 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/101011 https://bugzilla.redhat.com/show_bug.cgi?id=1490421 https://patchwork.kernel.org/patch/9923803 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-20: Improper Input Validation •
CVSS: 8.0EPSS: 0%CPEs: 43EXPL: 5CVE-2017-1000251 – Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas de configuración L2CAP, lo que desemboca en la ejecución remota de código en el espacio del kernel. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. • https://www.exploit-db.com/exploits/42762 https://github.com/hayzamjs/Blueborne-CVE-2017-1000251 https://github.com/own2pwn/blueborne-CVE-2017-1000251-POC https://github.com/sgxgsx/blueborne-CVE-2017-1000251 https://github.com/tlatkdgus1/blueborne-CVE-2017-1000251 http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100809 http://www.securitytracker.com/id/1039373 https://access.redhat.com/errata& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2017-12146
https://notcve.org/view.php?id=CVE-2017-12146
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. La implementación driver_override en drivers/base/platform.c en el kernel de Linux en versiones anteriores a la 4.12.1 permite que los usuarios locales obtengan privilegios mediante el uso de una condición de carrera causada por una operación de lectura y otra de almacenamiento que involucren diferentes sobrescrituras de la memoria. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6265539776a0810b7ce6398c27866ddb9c6bd154 http://www.debian.org/security/2017/dsa-3981 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.1 http://www.securityfocus.com/bid/100651 https://bugzilla.redhat.com/show_bug.cgi?id=1489078 https://bugzilla.suse.com/show_bug.cgi?id=1057474 https://github.com/torvalds/linux/commit/6265539776a0810b7ce6398c27866ddb9c6bd154 https://source.android.com/security/bulletin/2017-09 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •