CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5344 – kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
https://notcve.org/view.php?id=CVE-2018-5344
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. En el kernel de Linux hasta la versión 4.14.13, drivers/block/loop.c gestiona de manera incorrecta la serialización de lo_release, lo que permite que atacantes provoquen una denegación de servicio (uso de memoria previamente liberada de __lock_acquire) o, posiblemente, otro impacto sin especificar. A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 http://www.securityfocus.com/bid/102503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https://usn.ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7374
https://notcve.org/view.php?id=CVE-2017-7374
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. Vulnerabilidad de uso después de liberación de memoria en fs/crypto/ en el kernel de Linux en versiones anteriores a 4.10.7 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL) o posiblemente obtener privilegios revocando el llavero de claves utilizado para cifrado ext4, f2fs o ubifs, provocando que los objetos de transformación criptográfica sean liberados prematuramente. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b53cf9815bb4744958d41f3795d5d5a1d365e2d http://www.securityfocus.com/bid/97308 https://github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d365e2d https://source.android.com/security/bulletin/2017-10-01 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2647 – kernel: Null pointer dereference in search_keyring
https://notcve.org/view.php?id=CVE-2017-2647
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a 3.18 permite a los usuarios locales obtener privilegios o provocar una denegación de servicio (referencia a puntero NULL y bloqueo del sistema) a través de vectores que implican un valor NULL para un cierto campo de coincidencia, relacionado con la función keyring_search_iterator en keyring.c. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 http://www.securityfocus.com/bid/97258 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2437 https://access.redhat.com/errata/RHSA-2017:2444 https://bugzilla.redhat.com/show_bug.cgi?id=1428353 https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 https://usn.ubuntu. • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7346
https://notcve.org/view.php?id=CVE-2017-7346
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. La función vmw_gb_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión4.10.7 no valida ciertos niveles de datos, lo que permite a usuarios locales provocar una denegación de servicio (colgar sistema) a través de una llamada al archivo ioctl manipulado para un dispositivo /dev/dri/renderD*. • http://marc.info/?l=linux-kernel&m=149086968410117&w=2 http://www.debian.org/security/2017/dsa-3927 http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/97257 https://bugzilla.redhat.com/show_bug.cgi?id=1437431 https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 4CVE-2017-7308 – Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7308
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. La función packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versión 4.10.6, no comprueba apropiadamente ciertos datos de tamaño de bloque, lo que permite a los usuarios locales causar una denegación de servicio (error de firma de enteros y escritura fuera de límites), y alcanzar privilegios (si se mantiene la capacidad CAP_NET_RAW), por medio de llamadas de sistema diseñadas. It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation. • https://www.exploit-db.com/exploits/44654 https://www.exploit-db.com/exploits/41994 https://www.exploit-db.com/exploits/47168 https://github.com/anldori/CVE-2017-7308 http://www.securityfocus.com/bid/97234 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://access.redhat.com/errata/RHSA-2018:1854 https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-pa • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •