CVE-2018-7480
https://notcve.org/view.php?id=CVE-2018-7480
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. La función blkcg_init_queue en block/blk-cgroup.c en el kernel de Linux, en versiones anteriores a la 4.11, permite que los usuarios locales provoquen una denegación de servicio (doble liberación) o, posiblemente, causen otros impactos no especificados desencadenando un fallo de creación. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258 https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258 https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https://usn.ubuntu.com/3656-1 https://www.debian.org/security/2018/dsa-4188 • CWE-415: Double Free •
CVE-2017-18193
https://notcve.org/view.php?id=CVE-2017-18193
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. fs/f2fs/extent_cache.c en el kernel de Linux, en versiones anteriores a la 4.13, gestiona de forma incorrecta los árboles extent, lo que permite que usuarios locales provoquen una denegación de servicio (error) mediante una aplicación con múltiples hilos. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0 http://www.securityfocus.com/bid/103147 https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0 https://usn.ubuntu.com/3654-1 https://usn.ubuntu.com/3654-2 https://usn.ubuntu.com/3656-1 https://www.debian.org/security/2018/dsa-4188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-7273 – Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
https://notcve.org/view.php?id=CVE-2018-7273
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. En el kernel de Linux hasta la versión 4.15.4, el controlador del disquete revela las direcciones de las funciones del kernel y las variables globales empleando llamadas printk en la función show_floppy en drivers/block/floppy.c. Un atacante puede leer esta información de dmesg y emplear las direcciones para encontrar las localizaciones del código y los datos del kernel y omitir las protecciones de seguridad como KASLR. • https://www.exploit-db.com/exploits/44325 https://github.com/jedai47/CVE-2018-7273 http://www.securityfocus.com/bid/103088 https://lkml.org/lkml/2018/2/20/669 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
https://notcve.org/view.php?id=CVE-2018-6927
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando un valor wake o requeue negativo. The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a http://www.securityfocus.com/bid/103023 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu. • CWE-190: Integer Overflow or Wraparound •
CVE-2017-18174
https://notcve.org/view.php?id=CVE-2017-18174
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. En el kernel de Linux, en versiones anteriores a la 4.7, la función amd_gpio_remove en drivers/pinctrl/pinctrl-amd.c llama a la función pinctrl_unregister, lo que conduce a una doble liberación (double free). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=251e22abde21833b3d29577e4d8c7aaccd650eee http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dca4a41f1ad65043a78c2338d9725f859c8d2c3 https://github.com/torvalds/linux/commit/251e22abde21833b3d29577e4d8c7aaccd650eee https://github.com/torvalds/linux/commit/8dca4a41f1ad65043a78c2338d9725f859c8d2c3 https://usn.ubuntu.com/3848-1 https://usn.ubuntu.com/3848-2 • CWE-415: Double Free •