Page 947 of 5207 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. La función apparmor_setprocattr en security/apparmor/lsm.c en el kernel de Linux en versiones anteriores a 4.6.5 no valida el tamaño de búfer, lo que permite a usuarios locales obtener privilegios desencadenando un gancho AppArmor setprocattr. • https://www.exploit-db.com/exploits/44301 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a46a4647fd1df9cf52e43bf467f0d9265096ca http://marc.info/?l=linux-kernel&m=146793642811929&w=2 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.5 http://www.openwall.com/lists/oss-security/2016/07/09/2 http://www.securityfocus.com/bid/91696 https://bugzilla.redhat.com/show_bug.cgi?id=1354383 https://github.com/torvalds/linux/commit/30a46a4647fd1df9cf5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. Pérdida de memoria en la función airspy_probe en drivers/media/usb/airspy/airspy.c en el controlador USB airspy en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de un dispositivo USB manipulado que emula muchos dispositivos VFL_TYPE_SDR o VFL_TYPE_SUBDEV y realiza muchas operaciones de conexión y desconexión. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848 http://www.openwall.com/lists/oss-security/2016/07/25/1 http://www.securityfocus.com/bid/92104 http://www.securitytracker.com/id/1036432 http://www.ubuntu.com/usn/USN-3070-1 http://www.ubuntu.com/usn/USN-3070-2 http://www.ubuntu.com/usn/USN-3070-3 http://www.ubuntu.com/usn/USN-3070-4 https://bugzilla.redhat.com/show_bug.cgi?id=1358184 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. arch/powerpc/kvm/book3s_hv_rmhandlers.S en el kernel de Linux hasta la versión 4.7 en plataformas PowerPC, cuando se encuentra habilitada CONFIG_KVM_BOOK3S_64_HV, permite a usuarios invitados del SO provocar una denegación de servicio (bucle infinito del SO anfitrión) haciendo una hiperllamada H_CEDE durante la existencia de una transacción suspendida. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f024ee098476a3e620232e4a78cfac505f121245 http://rhn.redhat.com/errata/RHSA-2016-2574.html http://www.openwall.com/lists/oss-security/2016/07/28/2 https://bugzilla.redhat.com/show_bug.cgi?id=1349916 https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3 https://github.com/torvalds/linux/commit/ • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1

Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability. Condición de carrera en la función ioctl_file_dedupe_range en fs/ioctl.c en el kernel de Linux hasta la versión 4.7 permite a usuarios locales provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) o posiblemente obtener privilegios cambiando un cierto valor de recuento, también conocido como una vulnerabilidad de "doble recuperación". • https://github.com/wpengfei/CVE-2016-6516-exploit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10eec60ce79187686e052092e5383c99b4420a20 http://www.openwall.com/lists/oss-security/2016/07/31/6 http://www.securityfocus.com/bid/92259 https://bugzilla.redhat.com/show_bug.cgi?id=1362457 https://github.com/torvalds/linux/commit/10eec60ce79187686e052092e5383c99b4420a20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 1

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758 http://rhn.redhat.com/errata/RHSA-2016-1631.html http://rhn.redhat.com/errata/RHSA-2016-1632.html http://rhn.redhat.com/errata/RHSA-2016-1633.html http://rhn.redhat.com/errata/RHSA-2016-1657.html http://rhn.redhat.com/errata/RHSA-2016-1664.html http://rhn.redhat.com/errata/RHSA-2016-1814.html http://rhn.redhat.com/errata/RHSA-2016-1815.html http://rhn. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •