Page 935 of 5207 results (0.018 seconds)

CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0

Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. Condición de carrera en la función ion_ioctl en drivers/staging/android/ion/ion.c en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) llamando a ION_IOC_FREE en dos CPUs al mismo tiempo. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 http://source.android.com/security/bulletin/2016-12-01.html http://www.securityfocus.com/bid/94669 https://github.com/torvalds/linux/commit/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. La función icmp6_send en net/ipv6/icmp.c en el kernel de Linux hasta la versión 4.8.12 omite una cierta comprobación de la estructura de datos dst, lo que permite a atacantes remotos provocar una denegación de servicio (pánico) a través de un paquete IPv6 fragmentado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 http://www.openwall.com/lists/oss-security/2016/12/08/15 http://www.securityfocus.com/bid/94824 https://github.com/torvalds/linux/commit/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 5

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. Condición de carrera en net/packet/af_packet.c en el kernel de Linux hasta la versión 4.8.12 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) aprovechando la capacidad CAP_NET_RAW de cambiar una versión socket, relacionado con las funciones packet_set_ring y packet_setsockopt. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. • https://www.exploit-db.com/exploits/44696 https://www.exploit-db.com/exploits/40871 https://www.exploit-db.com/exploits/47170 https://github.com/LakshmiDesai/CVE-2016-8655 https://github.com/KosukeShimofuji/CVE-2016-8655 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html http://l • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. La función mpi_powm en lib/mpi/mpi-pow.c en el kernel Linux hasta la versión 4.8.11 no se asegura que la memoria esté alojada para datos limb, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de memoria de pila y pánico) a través de una llamada de sistema add_key para una llave RSA con un componente cero. A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073 http://seclists.org/fulldisclosure/2016/Nov/76 http://www.openwall.com/lists/oss-security/2016/11/24/8 http://www.securityfocus.com/bid/94532 http://www.securitytracker.com/id/1037968 https://access.redhat.com/errata/RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0933 https://access.redhat.com/errata/RHSA- • CWE-20: Improper Input Validation CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. La función hash_accept en crypto/algif_hash.c en el kernel Linux en versiones anteriores a 4.3.6 permite a usuarios locales provocar una denegación de servicio (OOPS) intentando desencadenar el uso de algoritmos hash in-kernel para un enchufe que ha recibido cero bytes de datos. A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.6 http://www.openwall.com/lists/oss-security/2016/11/15/2 http://www.securityfocus.com/bid/94309 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://bugzilla.redhat.com/show_bug.cgi?id=1388821 https: • CWE-476: NULL Pointer Dereference •