Page 765 of 5231 results (0.023 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack. La función evm_verify_hmac en security/integrity/evm/evm_main.c en el kernel de Linux en versiones anteriores a 4.5 no copia correctamente los datos, lo que facilita a usuarios locales falsificar los valores MAC a través de un ataque de tiempo side-chanel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=613317bd212c585c20796c10afe5daaa95d4b0a1 http://www.ubuntu.com/usn/USN-2946-1 http://www.ubuntu.com/usn/USN-2946-2 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 http://www.ubuntu.com/usn/USN-2948-1 http://www.ubuntu.com/usn/USN-2948-2 http://www.ubuntu.com/usn/USN-2949-1 https://bugzilla.redhat.com/show • CWE-19: Data Processing Errors •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. La función adjust_branches en kernel/bpf/verifier.c en el kernel de Linux en versiones anteriores a 4.5 no tiene en cuenta el delta en el caso de salto de retroceso, lo que permite a usuarios locales obtener información sensible del kernel de memoria creando un filtro de paquetes y posteriormente cargando instrucciones BPF manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1b14d27ed0965838350f1377ff97c93ee383492 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.openwall.com/lists/oss-security/2016/02/14/1 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 https://bugzilla.redhat.com/show_bug.cgi?id=1308452 https://github.com/torvalds/linux/commit/a1b14d27ed0965838350f1377ff97c93ee3834 •

CVSS: 6.2EPSS: 0%CPEs: 17EXPL: 0

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. fs/pipe.c en el kernel de Linux antes de 4.5 no limita la cantidad de datos no leídos en las tuberías, lo que permite a los usuarios locales provocar una denegación de servicio (consumo de memoria) creando muchas tuberías con tamaños no predeterminados. It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. Desbordamientos de enteros en la función xt_alloc_table_info en net/netfilter/x_tables.c en el kernel de Linux hasta la versión 4.5.2 en plataformas de 32-bit permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_REPLACE setsockopt. • https://www.exploit-db.com/exploits/39545 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1 http://www.securityfocus.com/bid/84305 http://www.ubuntu.com/usn/USN-2930-1 http://www.ubuntu.com/usn/USN-2930-2 http://www.ubuntu.com/usn/USN-2930-3 http://www.ubuntu.com/usn/USN-3054-1 http://www.ubuntu.com/usn/USN-3055-1 http://www.ubuntu.com/usn/USN-3056-1 http://www.ubuntu.com/usn/USN • CWE-189: Numeric Errors •

CVSS: 8.4EPSS: 0%CPEs: 16EXPL: 1

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. El subsistema netfilter en el kernel de Linux hasta la versión 4.5.2 no válida ciertos campos de desplazamiento, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_REPLACE setsockopt. A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset. • https://www.exploit-db.com/exploits/39545 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •