CVE-2017-18017 – kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c
https://notcve.org/view.php?id=CVE-2017-18017
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. La función tcpmss_mangle_packet en net/netfilter/xt_TCPMSS.c en el kernel de Linux, en versiones anteriores a la 4.11 y en versiones 4.9.x anteriores a la 4.9.36, permite que atacantes remotos provoquen una denegación de servicio (uso de memoria previamente liberada y corrupción de memoria) o, posiblemente, otro tipo de impacto sin especificar aprovechando la presencia de xt_TCPMSS en una acción iptables. The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901 http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2016-5244
https://notcve.org/view.php?id=CVE-2016-5244
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. La función rds_inc_info_copy en net/rds/recv.c en el kernel de Linux hasta la versión 4.6.3 no inicializa un cierto miembro de estructura, lo que permite a atacantes remotos obtener información sensible de la memoria de pila del kernel leyendo un mensaje RDS. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-3951
https://notcve.org/view.php?id=CVE-2016-3951
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Vulnerabilidad de liberación de memoria doble en drivers/net/usb/cdc_ncm.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) o posiblemente tener otro impacto no especificado insertando un dispositivo USB con un descriptor USB no válido. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005 •
CVE-2015-8845 – kernel: incorrect restoration of machine specific registers from userspace
https://notcve.org/view.php?id=CVE-2015-8845
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. La función tm_reclaim_thread en arch/powerpc/kernel/process.c en el Kernel de Linux en versiones anteriores a 4.4.1 sobre plataformas powerpc no asegura que exista el modo TM suspend antes de proceder con una llamada tm_reclaim, lo que permite a usuarios locales provocar una denegación de servicio (excepción TM Bad Thing y pánico) a través de una aplicación manipulada. A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-258 • CWE-284: Improper Access Control CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2016-2782 – Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor 'treo_attach' Nullpointer Dereference
https://notcve.org/view.php?id=CVE-2016-2782
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. La función treo_attach en drivers/usb/serial/visor.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tener otro impacto no especificado mediante la inserción de un dispositivo USB que carece de punto final en (1) bulk-in o (2) interrupt-in. Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (treo_attach) driver. • https://www.exploit-db.com/exploits/39539 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016 • CWE-476: NULL Pointer Dereference •