Page 643 of 3822 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals. La función SMB2_tcon en fs/cifs/smb2pdu.c en el kernel de Linux anterior a 3.16.3 permite a servidores remotos CIFS causar una denegación de servicio (referencia a puntero nulo y caída del sistema cliente) o posiblemente tener otro impacto no especificado mediante la eliminación de el compartido IPC$ durante la resolución de las referencias DFS. A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=18f39e7be0121317550d03e267e3ebd4dbfbb3ce http://rhn.redhat.com/errata/RHSA-2015-0102.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 http://www.openwall.com/lists/oss-security/2014/09/22/4 http://www.securityfocus.com/bid/69867 http://www.ubuntu.com/usn/USN-2394-1 https://github.com/torvalds/linux/commit/18f39e7be0121317550d03e267e3ebd4dbfbb3ce https://access.redhat.com/security/cve& • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. Las funciones report_fixup en el subsistema HID en el kernel de Linux anterior a 3.16.2 podrían permitir a atacantes físicamente próximos causar una denegación de servicio (escritura fuera de rango) a través de un dispositivo manipulado que proporciona un descriptor de informes pequeño, relacionado con (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, y (6) drivers/hid/hid-sunplus.c. Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ab25786c87eb20857bbb715c3ae34ec8fd6a214 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1318.html http://rhn.redhat.com/errata/RHSA&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 4

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation. La función assoc_array_gc en la implementación associative-array en lib/assoc_array.c en el kernel de Linux anterior a 3.16.3 no implementa debidamente la recolección de basura, lo que permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída del sistema) o posiblemente tener otro impacto no especificado a través de múltiples operaciones 'keyctl newring' seguidas de una operación 'keyctl timeout'. A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. • https://www.exploit-db.com/exploits/36268 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95389b08d93d5c06ec63ab49bd732b0069b7c35e http://osvdb.org/show/osvdb/111298 http://www.exploit-db.com/exploits/36268 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 http://www.securityfocus.com/bid/70095 http://www.ubuntu.com/usn/USN-2378-1 http://www.ubuntu.com/usn/USN-2379-1 https://bugzilla.redhat.com/show_bug.cgi?id=11403 •

CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0

Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value. Error en el indice del arry en la función logi_dj_raw_event en drivers/hid/hid-logitech-dj.c en el kernel de Linux anterior a 3.16.2 permite a atacantes físicamente próximos ejecutar código arbitrario o causar una denegación de servicio (kfree inválido) a través de un dispositivo manipulado que proporciona un valor REPORT_TYPE_NOTIF_DEVICE_UNPAIRED malformado. An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid device_index value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 http://rhn.redhat.com/errata/RHSA-2014-1318.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2 http://www.openwall.com/lists/oss-security/2014/09/11/21 http://www.securityfocus.com/bid/69770 https://bugzilla.redhat.com/show_bug.cgi?id=1141210 https://code.google.com/p/google-security-research/issues/detail?id=89 https://github.com/t • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 9%CPEs: 5EXPL: 1

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket. net/ceph/auth_x.c en Ceph, utilizado en el kernel de Linux anterior a 3.16.3, no considera debidamente la posibilidad de fallos de kmalloc, lo que permite a atacantes remotos causar una denegación de servicio (caída del sistema) o posiblemente tener otro impacto no especificado a través de un ticket de autor largo no cifrado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c27a3e4d667fdcad3db7b104f75659478e0c68d8 http://tracker.ceph.com/issues/8979 http://tracker.ceph.com/issues/9560 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 http://www.openwall.com/lists/oss-security/2014/09/15/7 http://www.ubuntu.com/usn/USN-2376-1 http://www.ubuntu.com/usn/USN-2377-1 http://www.ubuntu.com/usn/USN-2378-1 http://www.ubuntu.com/usn/USN • CWE-399: Resource Management Errors •