CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2014-3185 – Kernel: USB serial: memory corruption flaw
https://notcve.org/view.php?id=CVE-2014-3185
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. Múltiples desbordamientos de buffer en la función command_port_read_callback en drivers/usb/serial/whiteheat.c en Whiteheat USB Serial Driver en el kernel de Linux anterior a 3.16.2 permiten a atacantes físicamente próximos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída del sistema) a través de un dispositivo manipulado que proporciona una cantidad grande de datos (1) EHCI o (2) XHCI asociados con una respuesta en masa. A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6817ae225cd650fb1c3295d769298c38b1eba818 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1318.html http://rhn.redhat.com/errata/RHSA&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 13EXPL: 2CVE-2014-0205 – kernel: futex: refcount issue in case of requeue
https://notcve.org/view.php?id=CVE-2014-0205
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. La función futex_wait en kernel/futex.c en el kernel de Linux anterior a 2.6.37 no mantiene debidamente cierta cuenta de referencias durante las operaciones de rehacer colas, lo que permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída del sistema) o posiblemente tener otro impacto no especificado a través de una aplicación manipulada que provoca una cuenta a cero. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ada876a8703f23befbb20a7465a702ee39b1704 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37 http://rhn.redhat.com/errata/RHSA-2014-1365.html http://rhn.redhat.com/errata/RHSA-2014-1763.html https://bugzilla.redhat.com/show_bug.cgi?id=1094455 https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704 https://access.redhat.com/security/cve/CVE-2014-0205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 7.8EPSS: 2%CPEs: 20EXPL: 2CVE-2014-3535 – Kernel: netdevice.h: NULL pointer dereference over VxLAN
https://notcve.org/view.php?id=CVE-2014-3535
include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. include/linux/netdevice.h en el kernel de Linux anterior a 2.6.36 utiliza incorrectamente los macros para netdev_printk y su implementación de registro relacionada, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída del sistema) mediante el envió de paquetes inválidos a una interfaz VxLAN. A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36 http://www.securityfocus.com/bid/69721 https://bugzilla.redhat.com/show_bug.cgi?id=1114540 https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38 https://access.redhat.com/security/cve/CVE-2014-3535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1CVE-2014-5472 – kernel: isofs: unbound recursion when processing relocated directories
https://notcve.org/view.php?id=CVE-2014-5472
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux hasta 3.16.1 permite a usuarios locales causar una denegación de servicio (un proceso de montaje imparable) a través de un imagen iso9660 manipulado con una entrada CL de auto referencia. It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.in • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1CVE-2014-5471 – kernel: isofs: unbound recursion when processing relocated directories
https://notcve.org/view.php?id=CVE-2014-5471
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. Vulnerabilidad de consumo de pila en la función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux hasta 3.16.1 permite a usuarios locales causar una denegación de servicio (recursividad sin control y caída o reinicio del sistema) a través de un imagen iso9660 manipulado con una entrada CL que se refiere a una entrada del directorio que tiene una entrada CL. It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.in • CWE-399: Resource Management Errors •