CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
https://notcve.org/view.php?id=CVE-2018-6927
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando un valor wake o requeue negativo. The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a http://www.securityfocus.com/bid/103023 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu. • CWE-190: Integer Overflow or Wraparound •
CVE-2018-1000028
https://notcve.org/view.php?id=CVE-2018-1000028
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa. El kernel de Linux, en versiones posteriores al commit con ID bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+, contiene una vulnerabilidad de control de acceso incorrecto en el servidor NFS (nfsd) que puede resultar en que usuarios remotos lean o escriban archivos para los que no deberían tener permisos mediante NFS. Este ataque parece ser explotable por un servidor NFS que debe exportar un sistema de archivos con las opciones "rootsquash" habilitadas. • https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420 • CWE-269: Improper Privilege Management •
CVE-2017-16914
https://notcve.org/view.php?id=CVE-2017-16914
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. La función "stub_send_ret_submit()" (drivers/usb/usbip/stub_tx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.107, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante un USB especialmente manipulado en un paquete IP. • http://www.securityfocus.com/bid/102150 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a https://lists.debian.org/debian-lts • CWE-476: NULL Pointer Dereference •
CVE-2017-16911
https://notcve.org/view.php?id=CVE-2017-16911
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. El controlador vhci_hcd en el kernel de Linux, en versiones anteriores a la 4.14.8 y la 4.4.114, permite que atacantes locales revelen direcciones de memoria del kernel. La explotación con éxito requiere que se conecte un dispositivo USB mediante IP. • http://www.securityfocus.com/bid/102156 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://secuniaresearch.flexerasoftware.com/advisories/80454 https://secuniaresearch.flexerasoftware.com/secunia_research/2017- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-16912
https://notcve.org/view.php?id=CVE-2017-16912
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. La función "get_pipe()" (drivers/usb/usbip/stub_rx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.114, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante un USB especialmente manipulado en un paquete IP. • http://www.securityfocus.com/bid/102150 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://secuniaresearch.flexerasoftware.com/ad • CWE-125: Out-of-bounds Read •