Page 790 of 5116 results (0.029 seconds)

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-16880

https://notcve.org/view.php?id=CVE-2018-16880

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. Se ha encontrado un error en la función handle_rx() del controlador [vhost_net] en el kernel de Linux. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://www.securityfocus.com/bid/106735 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880 https://support.f5.com/csp/article/K03593314 https://usn.ubuntu.com/3903-1 https://usn.ubuntu.com/3903-2 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-5489 – Kernel: page cache side channel attacks

https://notcve.org/view.php?id=CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. La implementación mincore() en mm/mincore.c en el kernel de Linux hasta la versión 4.19.13 permitía a los atacantes observar patrones de acceso a las páginas de caché de otros procesos en el mismo sistema, permitiendo el esnifado de información secreta. (Su arreglo afecta a la salida del programa fincore.) • https://github.com/mmxsrup/CVE-2019-5489 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en http://www.securityfocus.com/bid/106478 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2018-16885 – kernel: out-of-bound read in memcpy_fromiovecend()

https://notcve.org/view.php?id=CVE-2018-16885

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. Se ha detectado un fallo en el kernel de Linux que permite al espacio de usuario llamar a memcpy_fromiovecend() y funciones similares con un offset de 0 y un tamaño de búfer que causa la lectura fuera de los límites de dicho búfer. En algunos casos, esto provoca un fallo de acceso a la memoria y la detención del sistema, accediendo a direcciones de memoria inválidas. Este problema solo afecta a las versiones 3.10.x del kernel, incluidas por defecto en Red Hat Enterprise Linux 7. • http://www.securityfocus.com/bid/106296 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885 https://access.redhat.com/security/cve/CVE-2018-16885 https://bugzilla.redhat.com/show_bug.cgi?id=1661503 • CWE-125: Out-of-bounds Read •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1

CVE-2019-3701

https://notcve.org/view.php?id=CVE-2019-3701

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html http://www.securityfocus.com/bid/106443 https://bugzilla.suse.com/show_bug.cgi?id=1120386 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html https://m • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-16882

https://notcve.org/view.php?id=CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable. Se ha detectado un uso de memoria previamente liberada en la manera en la que el hypervisor KVM del kernel de Linux procesa las interrupciones publicadas cuando la virtualización "nested(=1)" se encuentra habilitada. • http://www.securityfocus.com/bid/106254 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16882 https://lwn.net/Articles/775720 https://lwn.net/Articles/775721 https://marc.info/?l=kvm&m=154514994222809&w=2 https://support.f5.com/csp/article/K80557033 https://usn.ubuntu.com/3871-1 https://usn.ubuntu.com/3871-3 https://usn.ubuntu.com/3871-4 https://usn.ubuntu.com/3871-5 https://usn.ubuntu.com/3872-1 https://usn.ubuntu.com/3878-1 https • CWE-416: Use After Free •