Page 861 of 5207 results (0.029 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). Se ha descubierto un problema en el tamaño de la página de stack guard en Linux; específicamente, una página 4k stack guard no es lo suficientemente grande y puede "saltarse" (se omite la página de stack guard). Esto afecta al kernel de Linux en versiones 4.11.5 y anteriores (la página stackguard fue introducida en 2010). A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. • https://www.exploit-db.com/exploits/45625 http://www.debian.org/security/2017/dsa-3886 http://www.securityfocus.com/bid/99130 http://www.securitytracker.com/id/1038724 https://access.redhat.com/errata/RHSA-2017:1482 https://access.redhat.com/errata/RHSA-2017:1483 https://access.redhat.com/errata/RHSA-2017:1484 https://access.redhat.com/errata/RHSA-2017:1485 https://access.redhat.com/errata/RHSA-2017:1486 https://access.redhat.com/errata/RHSA-2017:1487 https://a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. El Kernel de Linux ejecutándose en sistemas AMD64 a veces asignará el contenido de un ejecutable PIE, la región heap o el archivo ld.so donde la pila es asignada, permitiendo a los atacantes manipular más fácilmente la pila. Kernel de Linux versión 4.11.5, esta afectado. • https://www.exploit-db.com/exploits/42275 http://www.securityfocus.com/bid/99284 https://access.redhat.com/errata/RHSA-2017:1482 https://access.redhat.com/errata/RHSA-2017:1484 https://access.redhat.com/errata/RHSA-2017:1485 https://access.redhat.com/errata/RHSA-2017:1486 https://access.redhat.com/errata/RHSA-2017:1487 https://access.redhat.com/errata/RHSA-2017:1488 https://access.redhat.com/errata/RHSA-2017:1489 https://access.redhat.com/errata/RHSA-2017:1490 https&# •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems. El parche offset2lib tal como es usado por el Kernel de Linux contiene una vulnerabilidad que permite que un binario PIE sea execve()'ed con 1 GB de argumentos o cadenas de entorno, entonces la pila ocupa la dirección 0x80000000 y el binario PIE se asigna por encima de 0x40000000 haciendo null la protección del parche offset2lib. • https://www.exploit-db.com/exploits/42274 https://www.exploit-db.com/exploits/42273 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/99149 https://access.redhat.com/security/cve/CVE-2017-1000370 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. El archivo sound/core/timer.c en el kernel de Linux anterior a versión 4.11.5, es vulnerable a una carrera de datos en el controlador de /dev/snd/timer de ALSA, resultando en que los usuarios locales sean capaces de leer la información que pertenece a otros usuarios, es decir, los contenidos de la memoria sin inicializar pueden ser divulgados cuando una lectura y un ioctl se presentan al mismo tiempo. It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378 http://www.debian.org/security/2017/dsa-3981 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5 http://www.openwall.com/lists/oss-security/2017/06/12/2 http://www.securityfocus.com/bid/99121 https://access.redhat.com/errata/RHSA-2017:3295 https:&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. • http://www.securityfocus.com/bid/98875 http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •