Page 959 of 5236 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. arch/x86/kvm/vmx.c en el kernel de Linux hasta la versión 4.6.3 no maneja adecuadamente el estado on/off de APICv, lo que permite a usuarios invitados del SO obtener acceso APIC MSR directo en el anfitrión del SO y consecuentemente provocar una denegación de servicio (caída del anfitrión del SO) o posiblemente ejecutar código arbitrario en el anfitrión del SO a través del modo x2APIC. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ce424e45411cf5a13105e0386b6ecf6eeb4f66f http://www.openwall.com/lists/oss-security/2016/05/20/2 https://bugzilla.redhat.com/show_bug.cgi?id=1337806 https://github.com/torvalds/linux/commit/3ce424e45411cf5a13105e0386b6ecf6eeb4f66f • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. La función key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versión 4.6.3 no asegura que cierta estructura de datos esté inicializada, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores involucrando un comando keyctl request2 manipulado. A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org • CWE-253: Incorrect Check of Function Return Value •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call. Error de entero sin signo en el controlador de audio MSM QDSP6 para el kernel de Linux 3.x, según se utiliza en contribuciones Android Qualcomm Innovation Center (QuIC) para dispositivos MSM y otros productos, permite a atacantes obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada que hace una llamada ioctl. • http://source.android.com/security/bulletin/2016-06-01.html http://www.securityfocus.com/bid/91046 https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88 https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. Error de entero sin signo en el controlador de video MSM V4L2 para el kernel de Linux 3.x, según se utiliza en contribuciones Android Qualcomm Innovation Center (QuIC) para dispositivos MSM y otros productos, permite a atacantes obtener privilegios o provocar una denegación de servicio (desbordamiento de array y corrupción de memoria) a través de una aplicación manipulada que desencadena una llamada msm_isp_axi_create_stream. • http://source.android.com/security/bulletin/2016-06-01.html https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.18/commit/id=79db14ca9f791a14be9376a0340ad3b9b9a4d603 https://www.codeaurora.org/array-overflow-msm-v4l2-video-driver-allows-kernel-memory-corruption-cve-2016-2061 • CWE-269: Improper Privilege Management •

CVSS: 8.1EPSS: 0%CPEs: 22EXPL: 1

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. La función ecryptfs_privileged_open en fs/ecryptfs/kthread.c en el kernel de Linux en versiones anteriores a 4.6.3 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (consumo de memoria de pila) a través de vectores involucrados con llamadas mmap manipuladas para nombres de ruta /proc, que conduce a una página de error recursiva manipulada. It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. There is a stack overflow in Linux via ecryptfs and /proc/$pid/environ. • https://www.exploit-db.com/exploits/39992 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opens • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •