Page 716 of 4770 results (0.023 seconds)

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. La implementación de extensión BPF_S_ANC_NLATTR_NEST en la función sk_run_filter en net/core/filter.c en el kernel de Linux hasta 3.14.3 utiliza el orden inverso en cierta resta, lo que permite a usuarios locales causar una denegación de servicio (sobrelectura y caída de sistema) a través de instrucciones BPF manipuladas. NOTA: el código afectado fue trasladado a la función __skb_get_nlattr_nest antes de anunciar la vulnerabilidad. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 http://linux.oracle.com/errata/ELSA-2014-3052.html http://secunia.com/advisories/58990 http://secunia.com/advisories/59311 http://secunia.com/advisories/59597 http://secunia.com/advisories/60613 http://www.debian.org/security/2014/dsa-2949 http://www.openwall.com/lists/oss-security/2014/05/09/6 http://www.securityfocus.com/bid/67321 http://www.securitytra • CWE-125: Out-of-bounds Read •

CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. La función raw_cmd_copyin en drivers/block/floppy.c en el kernel de Linux hasta 3.14.3 no maneja debidamente condiciones de error durante el procesado de una llamada FDRAWCMD ioctl, lo que permite a usuarios locales provocar operaciones kfree y ganar privilegios mediante el aprovechamiento de acceso de escritura hacia un dispositivo /dev/fd. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c http://linux.oracle.com/errata/ELSA-2014-0771.html http://linux.oracle.com/errata/ELSA-2014-3043.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html http://rhn.redhat.com/errata/RHSA-2014-0800.html http://rhn.redhat.com/errata/RHSA-2014-0801.html http://secunia.com • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 6.6EPSS: 0%CPEs: 12EXPL: 0

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. La función raw_cmd_copyout en drivers/block/floppy.c en el kernel de Linux hasta 3.14.3 no restringe debidamente acceso a ciertos punteros durante el procesamiento de una llamada FDRAWCMD ioctl, lo que permite a usuarios locales obtener información sensible de la memoria dinámica del kernel mediante el aprovechamiento de acceso a escritura hacia un dispositivo /dev/fd. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f http://linux.oracle.com/errata/ELSA-2014-0771.html http://linux.oracle.com/errata/ELSA-2014-3043.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html http://rhn.redhat.com/errata/RHSA-2014-0800.html http://rhn.redhat.com/errata/RHSA-2014-0801.html http://secunia.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.9EPSS: 1%CPEs: 49EXPL: 6

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria y caída de sistema) o ganar privilegios mediante la provocación de una condición de carrera involucrando operaciones de lectura y escritura con cadenas largas. Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings. • https://www.exploit-db.com/exploits/33516 https://github.com/tempbottle/CVE-2014-0196 https://github.com/SunRain/CVE-2014-0196 http://bugzilla.novell.com/show_bug.cgi?id=875690 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00 http://linux.oracle.com/errata/ELSA-2014-0771.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.6EPSS: 0%CPEs: 87EXPL: 0

Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump. Error de superación de límite (off-by-one)en la función bpf_jit_compile en arch/x86/net/bpf_jit_comp.c en el kernel de Linux anterior a 3.1.8, cuando BPF JIT está habilitado, permite a usuarios locales causar una denegación de servicio (caída de sistema) o posiblemente ganar privilegios a través de un salto largo después de un salto condicional. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a03ffcf873fe0f2565386ca8ef832144c42e67fa http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8 http://www.openwall.com/lists/oss-security/2014/04/18/6 https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa • CWE-189: Numeric Errors •