Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2022-0532
Vulnerability from csaf_certbund
Published
2018-05-01 22:00
Modified
2023-05-18 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Debian ist eine Linux-Distribution, die ausschließlich Freie Software enthält.
Oracle Linux ist ein Open Source Betriebssystem, welches unter der GNU General Public License (GPL) verfügbar ist.
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, einen Denial of Service Angriff durchzuführen, Sicherheitsmechanismen zu umgehen, vertrauliche Daten einzusehen oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Linux
- Appliance
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Debian ist eine Linux-Distribution, die ausschlie\u00dflich Freie Software enth\u00e4lt.\r\nOracle Linux ist ein Open Source Betriebssystem, welches unter der GNU General Public License (GPL) verf\u00fcgbar ist.\r\nDer Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, einen Denial of Service Angriff durchzuf\u00fchren, Sicherheitsmechanismen zu umgehen, vertrauliche Daten einzusehen oder seine Privilegien zu erweitern.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0532 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2022-0532.json" }, { "category": "self", "summary": "WID-SEC-2022-0532 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0532" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:2232-1 vom 2023-05-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-May/014918.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:1992-1 vom 2023-04-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014572.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:1897-1 vom 2023-04-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014485.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:1848-1 vom 2023-04-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014466.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3698-1 vom 2018-07-03", "url": "http://www.ubuntu.com/usn/usn-3698-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3697-1 vom 2018-07-03", "url": "http://www.ubuntu.com/usn/usn-3697-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3696-1 vom 2018-07-03", "url": "http://www.ubuntu.com/usn/usn-3696-2" }, { "category": "external", "summary": "Debian Security Advisory DSA-4187-1 vom 2018-05-01", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "category": "external", "summary": "Debian Security Advisory DSA-4188-1 vom 2018-05-01", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4088 vom 2018-05-01", "url": "https://linux.oracle.com/errata/ELSA-2018-4088.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4087 vom 2018-05-01", "url": "https://linux.oracle.com/errata/ELSA-2018-4087.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4089 vom 2018-05-02", "url": "http://linux.oracle.com/errata/ELSA-2018-4089.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1173-1 vom 2018-05-09", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181173-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1172-1 vom 2018-05-09", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181172-1.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:1318 vom 2018-05-09", "url": "http://www.auscert.org.au/bulletins/62478" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:1355 vom 2018-05-09", "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-1318 vom 2018-05-09", "url": "http://linux.oracle.com/errata/ELSA-2018-1318.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1217-1 vom 2018-05-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181217-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1238-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181238-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1225-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181225-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1240-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181240-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1230-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181230-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1223-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181223-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1228-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181228-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1236-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181236-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1239-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181239-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1231-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181231-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1229-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181229-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1237-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181237-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1232-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181232-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1227-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181227-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1234-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181234-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1233-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181233-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1226-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181226-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1235-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181235-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1222-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181222-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1224-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181224-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1263-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181263-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1221-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181221-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1220-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181220-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1249-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181249-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1246-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181246-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1252-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181252-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1260-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181260-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1270-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181270-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1262-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181262-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1242-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181242-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1268-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181268-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1248-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181248-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1258-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181258-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1272-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181272-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1250-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181250-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1253-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181253-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1241-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181241-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1259-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181259-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1256-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181256-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1245-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181245-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1264-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181264-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1254-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181254-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1266-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181266-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1269-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181269-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1251-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181251-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1255-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181255-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1273-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181273-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1243-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181243-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1244-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181244-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1261-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181261-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1267-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181267-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1247-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181247-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1257-1 vom 2018-05-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181257-1.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:1374 vom 2018-05-16", "url": "https://access.redhat.com/errata/RHSA-2018:1374" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1309-1 vom 2018-05-17", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181309-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-1629 vom 2018-05-22", "url": "http://linux.oracle.com/errata/ELSA-2018-1629.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4114 vom 2018-05-23", "url": "http://linux.oracle.com/errata/ELSA-2018-4114.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1366-1 vom 2018-05-23", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181366-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1375-1 vom 2018-05-23", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181375-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1376-1 vom 2018-05-23", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181376-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1386-1 vom 2018-05-23", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181386-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1368-1 vom 2018-05-23", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181368-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1374-1 vom 2018-05-23", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181374-1.html" }, { "category": "external", "summary": "Oraclevm-errata OVMSA-2018-0223 vom 2018-05-23", "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000858.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1465-1 vom 2018-05-30", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181465-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1498-1 vom 2018-06-05", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181498-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1508-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181508-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1551-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181551-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1525-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181525-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1536-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181536-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1511-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181511-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1545-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181545-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1522-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181522-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1530-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181530-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1534-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181534-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1524-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181524-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1505-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181505-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1510-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181510-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1516-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181516-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1523-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181523-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1532-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181532-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1531-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181531-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1521-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181521-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1518-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181518-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1506-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181506-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1548-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181548-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1514-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181514-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1541-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181541-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1546-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181546-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1519-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181519-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1509-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181509-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1528-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181528-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1537-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181537-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1513-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181513-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1512-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181512-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1538-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181538-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1517-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181517-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1535-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181535-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1529-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181529-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1549-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181549-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1540-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181540-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1520-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181520-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1526-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181526-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1533-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181533-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1539-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181539-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1543-1 vom 2018-06-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181543-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1571-1 vom 2018-06-07", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181571-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1570-1 vom 2018-06-07", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181570-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1567-1 vom 2018-06-07", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181567-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1636-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181636-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1644-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181644-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1639-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181639-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1645-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181645-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1641-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181641-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1640-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181640-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1637-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181637-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1648-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181648-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1642-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181642-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1643-1 vom 2018-06-11", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181643-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4145 vom 2018-06-16", "url": "http://linux.oracle.com/errata/ELSA-2018-4145.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4134 vom 2018-06-16", "url": "http://linux.oracle.com/errata/ELSA-2018-4134.html" }, { "category": "external", "summary": "Red Hat Security Advisory", "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1762-1 vom 2018-06-20", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181762-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1761-1 vom 2018-06-20", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181761-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1772-1 vom 2018-06-21", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181772-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1816-1 vom 2018-06-26", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181816-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-1854 vom 2018-06-26", "url": "http://linux.oracle.com/errata/ELSA-2018-1854.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4161 vom 2018-07-10", "url": "http://linux.oracle.com/errata/ELSA-2018-4161.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4164 vom 2018-07-11", "url": "http://linux.oracle.com/errata/ELSA-2018-4164.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-2162 vom 2018-07-11", "url": "http://linux.oracle.com/errata/ELSA-2018-2162.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:2082-1 vom 2018-07-28", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182082-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:2092-1 vom 2018-07-28", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182092-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:2150-1 vom 2018-08-01", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182150-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:2222-1 vom 2018-08-07", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182222-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4193 vom 2018-08-10", "url": "http://linux.oracle.com/errata/ELSA-2018-4193.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-2384 vom 2018-08-15", "url": "http://linux.oracle.com/errata/ELSA-2018-2384.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-2390 vom 2018-08-15", "url": "http://linux.oracle.com/errata/ELSA-2018-2390.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2390 vom 2018-08-14", "url": "http://rhn.redhat.com/errata/RHSA-2018-2390.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2384 vom 2018-08-14", "url": "http://rhn.redhat.com/errata/RHSA-2018-2384.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2384 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2387 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2387" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2388 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2388" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2390 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2389 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2389" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2395 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2391 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2391" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2392 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2392" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2393 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2393" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2394 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2394" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2396 vom 2018-08-15", "url": "https://access.redhat.com/errata/RHSA-2018:2396" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:2332-1 vom 2018-08-15", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182332-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:2366-1 vom 2018-08-16", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182366-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4200 vom 2018-08-17", "url": "http://linux.oracle.com/errata/ELSA-2018-4200.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:2637-1 vom 2018-09-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182637-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:2631-1 vom 2018-09-06", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182631-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4211 vom 2018-09-10", "url": "http://linux.oracle.com/errata/ELSA-2018-4211.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-4308 vom 2018-10-01", "url": "https://www.debian.org/security/2018/dsa-4308" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3003-1 vom 2018-10-04", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3004-1 vom 2018-10-04", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183004-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3084-1 vom 2018-10-09", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183084-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4242 vom 2018-10-10", "url": "http://linux.oracle.com/errata/ELSA-2018-4242.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4245 vom 2018-10-11", "url": "http://linux.oracle.com/errata/ELSA-2018-4245.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4250 vom 2018-10-13", "url": "http://linux.oracle.com/errata/ELSA-2018-4250.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2948 vom 2018-10-31", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:3096 vom 2018-10-31", "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:3083 vom 2018-10-31", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3589-1 vom 2018-11-01", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183589-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3593-1 vom 2018-11-01", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183593-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-3083 vom 2018-11-06", "url": "http://linux.oracle.com/errata/ELSA-2018-3083.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3659-1 vom 2018-11-08", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183659-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4268 vom 2018-11-08", "url": "http://linux.oracle.com/errata/ELSA-2018-4268.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4269 vom 2018-11-08", "url": "http://linux.oracle.com/errata/ELSA-2018-4269.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4285 vom 2018-11-21", "url": "http://linux.oracle.com/errata/ELSA-2018-4285.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3934-1 vom 2018-11-29", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183934-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:3961-1 vom 2018-12-01", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183961-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4301 vom 2018-12-10", "url": "http://linux.oracle.com/errata/ELSA-2018-4301.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-4304 vom 2018-12-12", "url": "http://linux.oracle.com/errata/ELSA-2018-4304.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:4069-1 vom 2018-12-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184069-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:4072-1 vom 2018-12-12", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184072-1.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-4315 vom 2019-01-03", "url": "http://linux.oracle.com/errata/ELSA-2019-4315.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-4316 vom 2019-01-04", "url": "http://linux.oracle.com/errata/ELSA-2019-4316.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-4317 vom 2019-01-05", "url": "http://linux.oracle.com/errata/ELSA-2019-4317.html" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2018-252 vom 2020-01-07", "url": "https://downloads.avaya.com/css/P8/documents/101051981" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2019:0095-1 vom 2019-01-16", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190095-1.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3880-2 vom 2019-02-05", "url": "https://usn.ubuntu.com/3880-2/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3910-1 vom 2019-03-16", "url": "https://usn.ubuntu.com/3910-1/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3910-1 vom 2019-03-16", "url": "https://usn.ubuntu.com/3910-2/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:0641 vom 2019-03-26", "url": "https://access.redhat.com/errata/RHSA-2019:0641" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-4596 vom 2019-04-01", "url": "http://linux.oracle.com/errata/ELSA-2019-4596.html" }, { "category": "external", "summary": "ORACLE OVMSA-2019-0014 vom 2019-05-03", "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000936.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:1190 vom 2019-05-15", "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:1170 vom 2019-05-15", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:1487 vom 2019-06-18", "url": "https://access.redhat.com/errata/RHSA-2019:1487" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:1483 vom 2019-06-18", "url": "https://access.redhat.com/errata/RHSA-2019:1483" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2029 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2029" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2043 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-4742 vom 2019-08-10", "url": "http://linux.oracle.com/errata/ELSA-2019-4742.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2029 vom 2019-08-14", "url": "http://linux.oracle.com/errata/ELSA-2019-2029.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2019:2430-1 vom 2019-09-23", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192430-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2019:2450-1 vom 2019-09-24", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192450-1.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0036 vom 2020-01-07", "url": "https://access.redhat.com/errata/RHSA-2020:0036" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4163-1 vom 2019-10-22", "url": "https://usn.ubuntu.com/4163-1/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4163-2 vom 2019-10-23", "url": "https://usn.ubuntu.com/4163-2/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:4154 vom 2019-12-10", "url": "https://access.redhat.com/errata/RHSA-2019:4154" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:4159 vom 2019-12-10", "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "category": "external", "summary": "Debian Security Advisory DLA 2148 vom 2020-04-01", "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202003/msg00025.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1587-1 vom 2020-06-10", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006912.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1603-1 vom 2020-06-11", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006927.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1599-1 vom 2020-06-10", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006921.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1602-1 vom 2020-06-11", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006932.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1604-1 vom 2020-06-11", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006931.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1602-1 vom 2020-06-11", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006928.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1599-1 vom 2020-06-10", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006924.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1605-1 vom 2020-06-11", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006930.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1605-1 vom 2020-06-11", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006929.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1671-1 vom 2020-06-18", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006966.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1656-1 vom 2020-06-18", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006977.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1663-1 vom 2020-06-18", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006971.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1646-1 vom 2020-06-18", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/006970.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1754-1 vom 2020-06-26", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/007033.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1758-1 vom 2020-06-26", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/007031.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1775-1 vom 2020-06-26", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/007036.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:2156-1 vom 2020-08-07", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007238.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-2323 vom 2020-08-12", "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00019.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4486-1 vom 2020-09-02", "url": "https://usn.ubuntu.com/4486-1/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:2478-1 vom 2020-09-03", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007345.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:2487-1 vom 2020-09-04", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007352.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2861-1 vom 2021-08-27", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009366.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2862-1 vom 2021-08-27", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009367.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-9473 vom 2021-10-08", "url": "http://linux.oracle.com/errata/ELSA-2021-9473.html" }, { "category": "external", "summary": "ORACLE OVMSA-2021-0035 vom 2021-10-12", "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2021-October/001033.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1988 vom 2022-05-10", "url": "https://access.redhat.com/errata/RHSA-2022:1988" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1975 vom 2022-05-10", "url": "https://access.redhat.com/errata/RHSA-2022:1975" }, { "category": "external", "summary": "Debian Security Advisory DLA-3065 vom 2022-07-01", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-9969 vom 2022-11-01", "url": "https://linux.oracle.com/errata/ELSA-2022-9969.html" } ], "source_lang": "en-US", "title": "Linux Kernel: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-05-18T22:00:00.000+00:00", "generator": { "date": "2024-02-15T16:50:57.999+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0532", "initial_release_date": "2018-05-01T22:00:00.000+00:00", "revision_history": [ { "date": "2018-05-01T22:00:00.000+00:00", "number": "1", "summary": "Initial Release" }, { "date": "2018-05-01T22:00:00.000+00:00", "number": "2", "summary": "Version nicht vorhanden" }, { "date": "2018-05-02T22:00:00.000+00:00", "number": "3", "summary": "New remediations available" }, { "date": "2018-05-08T22:00:00.000+00:00", "number": "4", "summary": "New remediations available" }, { "date": "2018-05-10T22:00:00.000+00:00", "number": "5", "summary": "New remediations available" }, { "date": "2018-05-13T22:00:00.000+00:00", "number": "6", "summary": "New remediations available" }, { "date": "2018-05-15T22:00:00.000+00:00", "number": "7", "summary": "New remediations available" }, { "date": "2018-05-16T22:00:00.000+00:00", "number": "8", "summary": "New remediations available" }, { "date": "2018-05-21T22:00:00.000+00:00", "number": "9", "summary": "New remediations available" }, { "date": "2018-05-22T22:00:00.000+00:00", "number": "10", "summary": "New remediations available" }, { "date": "2018-05-23T22:00:00.000+00:00", "number": "11", "summary": "New remediations available" }, { "date": "2018-05-23T22:00:00.000+00:00", "number": "12", "summary": "New remediations available" }, { "date": "2018-05-23T22:00:00.000+00:00", "number": "13", "summary": "Version nicht vorhanden" }, { "date": "2018-05-29T22:00:00.000+00:00", "number": "14", "summary": "New remediations available" }, { "date": "2018-06-05T22:00:00.000+00:00", "number": "15", "summary": "New remediations available" }, { "date": "2018-06-06T22:00:00.000+00:00", "number": "16", "summary": "New remediations available" }, { "date": "2018-06-07T22:00:00.000+00:00", "number": "17", "summary": "New remediations available" }, { "date": "2018-06-11T22:00:00.000+00:00", "number": "18", "summary": "New remediations available" }, { "date": "2018-06-17T22:00:00.000+00:00", "number": "19", "summary": "New remediations available" }, { "date": "2018-06-18T22:00:00.000+00:00", "number": "20", "summary": "New remediations available" }, { "date": "2018-06-19T22:00:00.000+00:00", "number": "21", "summary": "Added references" }, { "date": "2018-06-21T22:00:00.000+00:00", "number": "22", "summary": "New remediations available" }, { "date": "2018-06-24T22:00:00.000+00:00", "number": "23", "summary": "Added references" }, { "date": "2018-06-27T22:00:00.000+00:00", "number": "24", "summary": "Added references" }, { "date": "2018-07-10T22:00:00.000+00:00", "number": "25", "summary": "New remediations available" }, { "date": "2018-07-29T22:00:00.000+00:00", "number": "26", "summary": "New remediations available" }, { "date": "2018-08-01T22:00:00.000+00:00", "number": "27", "summary": "New remediations available" }, { "date": "2018-08-06T22:00:00.000+00:00", "number": "28", "summary": "New remediations available" }, { "date": "2018-08-09T22:00:00.000+00:00", "number": "29", "summary": "New remediations available" }, { "date": "2018-08-14T22:00:00.000+00:00", "number": "30", "summary": "New remediations available" }, { "date": "2018-08-14T22:00:00.000+00:00", "number": "31", "summary": "New remediations available" }, { "date": "2018-08-15T22:00:00.000+00:00", "number": "32", "summary": "New remediations available" }, { "date": "2018-08-16T22:00:00.000+00:00", "number": "33", "summary": "New remediations available" }, { "date": "2018-08-16T22:00:00.000+00:00", "number": "34", "summary": "Version nicht vorhanden" }, { "date": "2018-08-16T22:00:00.000+00:00", "number": "35", "summary": "Version nicht vorhanden" }, { "date": "2018-08-27T22:00:00.000+00:00", "number": "36", "summary": "Added references" }, { "date": "2018-09-06T22:00:00.000+00:00", "number": "37", "summary": "New remediations available" }, { "date": "2018-09-10T22:00:00.000+00:00", "number": "38", "summary": "New remediations available" }, { "date": "2018-10-01T22:00:00.000+00:00", "number": "39", "summary": "New remediations available" }, { "date": "2018-10-04T22:00:00.000+00:00", "number": "40", "summary": "New remediations available" }, { "date": "2018-10-09T22:00:00.000+00:00", "number": "41", "summary": "New remediations available" }, { "date": "2018-10-10T22:00:00.000+00:00", "number": "42", "summary": "New remediations available" }, { "date": "2018-10-14T22:00:00.000+00:00", "number": "43", "summary": "New remediations available" }, { "date": "2018-10-30T23:00:00.000+00:00", "number": "44", "summary": "New remediations available" }, { "date": "2018-10-31T23:00:00.000+00:00", "number": "45", "summary": "New remediations available" }, { "date": "2018-11-05T23:00:00.000+00:00", "number": "46", "summary": "New remediations available" }, { "date": "2018-11-07T23:00:00.000+00:00", "number": "47", "summary": "New remediations available" }, { "date": "2018-11-08T23:00:00.000+00:00", "number": "48", "summary": "New remediations available" }, { "date": "2018-11-20T23:00:00.000+00:00", "number": "49", "summary": "New remediations available" }, { "date": "2018-11-28T23:00:00.000+00:00", "number": "50", "summary": "New remediations available" }, { "date": "2018-12-02T23:00:00.000+00:00", "number": "51", "summary": "New remediations available" }, { "date": "2018-12-03T23:00:00.000+00:00", "number": "52", "summary": "Minor corrections" }, { "date": "2018-12-09T23:00:00.000+00:00", "number": "53", "summary": "New remediations available" }, { "date": "2018-12-11T23:00:00.000+00:00", "number": "54", "summary": "New remediations available" }, { "date": "2018-12-12T23:00:00.000+00:00", "number": "55", "summary": "New remediations available" }, { "date": "2019-01-03T23:00:00.000+00:00", "number": "56", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-01-06T23:00:00.000+00:00", "number": "57", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-01-15T23:00:00.000+00:00", "number": "58", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2019-02-04T23:00:00.000+00:00", "number": "59", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2019-03-17T23:00:00.000+00:00", "number": "60", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2019-03-25T23:00:00.000+00:00", "number": "61", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-03-31T22:00:00.000+00:00", "number": "62", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-05-05T22:00:00.000+00:00", "number": "63", "summary": "Neue Updates von ORACLE aufgenommen" }, { "date": "2019-05-15T22:00:00.000+00:00", "number": "64", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-06-17T22:00:00.000+00:00", "number": "65", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-08-06T22:00:00.000+00:00", "number": "66", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-08-11T22:00:00.000+00:00", "number": "67", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-08-13T22:00:00.000+00:00", "number": "68", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-09-23T22:00:00.000+00:00", "number": "69", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2019-09-24T22:00:00.000+00:00", "number": "70", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2019-10-21T22:00:00.000+00:00", "number": "71", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2019-10-22T22:00:00.000+00:00", "number": "72", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2019-12-09T23:00:00.000+00:00", "number": "73", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-12-09T23:00:00.000+00:00", "number": "74", "summary": "Version nicht vorhanden" }, { "date": "2020-01-06T23:00:00.000+00:00", "number": "75", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2020-01-07T23:00:00.000+00:00", "number": "76", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-04-01T22:00:00.000+00:00", "number": "77", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2020-06-09T22:00:00.000+00:00", "number": "78", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-06-11T22:00:00.000+00:00", "number": "79", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-06-18T22:00:00.000+00:00", "number": "80", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-06-25T22:00:00.000+00:00", "number": "81", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-08-06T22:00:00.000+00:00", "number": "82", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-08-12T22:00:00.000+00:00", "number": "83", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2020-09-01T22:00:00.000+00:00", "number": "84", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2020-09-03T22:00:00.000+00:00", "number": "85", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-09-06T22:00:00.000+00:00", "number": "86", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-08-29T22:00:00.000+00:00", "number": "87", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-10-10T22:00:00.000+00:00", "number": "88", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2021-10-11T22:00:00.000+00:00", "number": "89", "summary": "Neue Updates von ORACLE aufgenommen" }, { "date": "2022-05-10T22:00:00.000+00:00", "number": "90", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-07-03T22:00:00.000+00:00", "number": "91", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-11-01T23:00:00.000+00:00", "number": "92", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2023-04-16T22:00:00.000+00:00", "number": "93", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-04-18T22:00:00.000+00:00", "number": "94", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-04-24T22:00:00.000+00:00", "number": "95", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-05-18T22:00:00.000+00:00", "number": "96", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "96" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Avaya Aura Application Enablement Services", "product": { "name": "Avaya Aura Application Enablement Services", "product_id": "T015516", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_application_enablement_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Communication Manager", "product": { "name": "Avaya Aura Communication Manager", "product_id": "T015126", "product_identification_helper": { "cpe": "cpe:/a:avaya:communication_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura Experience Portal", "product": { "name": "Avaya Aura Experience Portal", "product_id": "T015519", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_experience_portal:-" } } }, { "category": "product_name", "name": "Avaya Aura Session Manager", "product": { "name": "Avaya Aura Session Manager", "product_id": "T015127", "product_identification_helper": { "cpe": "cpe:/a:avaya:session_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura System Manager", "product": { "name": "Avaya Aura System Manager", "product_id": "T015518", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_system_manager:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Open Source Linux Kernel", "product": { "name": "Open Source Linux Kernel", "product_id": "6368", "product_identification_helper": { "cpe": "cpe:/o:linux:linux_kernel:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "287065", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:7" } } }, { "category": "product_name", "name": "Oracle Linux 6", "product": { "name": "Oracle Linux 6", "product_id": "T002988", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:6" } } }, { "category": "product_name", "name": "Oracle Linux 5", "product": { "name": "Oracle Linux 5", "product_id": "T003616", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:5" } } }, { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "product_name", "name": "Linux" }, { "category": "product_name", "name": "Oracle VM", "product": { "name": "Oracle VM", "product_id": "T011119", "product_identification_helper": { "cpe": "cpe:/a:oracle:vm:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-9016", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2015-9016" }, { "cve": "CVE-2017-0861", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-0861" }, { "cve": "CVE-2017-13166", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-13166" }, { "cve": "CVE-2017-13220", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-13220" }, { "cve": "CVE-2017-16526", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-16526" }, { "cve": "CVE-2017-16911", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-16911" }, { "cve": "CVE-2017-16912", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-16912" }, { "cve": "CVE-2017-16913", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-16913" }, { "cve": "CVE-2017-16914", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-16914" }, { "cve": "CVE-2017-17975", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-17975" }, { "cve": "CVE-2017-18017", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18017" }, { "cve": "CVE-2017-18193", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18193" }, { "cve": "CVE-2017-18203", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18203" }, { "cve": "CVE-2017-18216", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18216" }, { "cve": "CVE-2017-18218", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18218" }, { "cve": "CVE-2017-18222", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18222" }, { "cve": "CVE-2017-18224", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18224" }, { "cve": "CVE-2017-18232", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18232" }, { "cve": "CVE-2017-18241", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18241" }, { "cve": "CVE-2017-18257", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-18257" }, { "cve": "CVE-2017-5715", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-5715" }, { "cve": "CVE-2017-5753", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2017-5753" }, { "cve": "CVE-2018-1000004", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-1000004" }, { "cve": "CVE-2018-1000199", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-1000199" }, { "cve": "CVE-2018-10323", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-10323" }, { "cve": "CVE-2018-1065", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-1065" }, { "cve": "CVE-2018-1066", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-1066" }, { "cve": "CVE-2018-1068", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-1068" }, { "cve": "CVE-2018-1092", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-1092" }, { "cve": "CVE-2018-1093", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-1093" }, { "cve": "CVE-2018-1108", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-1108" }, { "cve": "CVE-2018-5332", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-5332" }, { "cve": "CVE-2018-5333", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-5333" }, { "cve": "CVE-2018-5750", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-5750" }, { "cve": "CVE-2018-5803", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-5803" }, { "cve": "CVE-2018-6927", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-6927" }, { "cve": "CVE-2018-7480", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-7480" }, { "cve": "CVE-2018-7492", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-7492" }, { "cve": "CVE-2018-7566", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-7566" }, { "cve": "CVE-2018-7740", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-7740" }, { "cve": "CVE-2018-7757", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-7757" }, { "cve": "CVE-2018-7995", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-7995" }, { "cve": "CVE-2018-8087", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-8087" }, { "cve": "CVE-2018-8781", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-8781" }, { "cve": "CVE-2018-8822", "notes": [ { "category": "description", "text": "Im Linux Kernel befinden sich zahlreiche Schwachstellen. Diese kann ein entfernter anonymer oder authentisierter Angreifer ausnutzen und z. B. Code mit administrativen Privilegien zur Ausf\u00fchrung bringen, einen Denial of Service Angriff durchf\u00fchren, Sicherheitsmechanismen umgehen, vertrauliche Daten einsehen oder seine Privilegien erweitern." } ], "product_status": { "known_affected": [ "T011119", "T015519", "T015518", "67646", "T015516", "6368", "T015127", "T015126", "T002988", "T003616", "T004914", "2951", "T002207", "T000126", "287065" ] }, "release_date": "2018-05-01T22:00:00Z", "title": "CVE-2018-8822" } ] }
cve-2017-18017
Vulnerability from cvelistv5
Published
2018-01-03 06:00
Modified
2024-08-05 21:06
Severity ?
EPSS score ?
Summary
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:06:50.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://patchwork.ozlabs.org/patch/746618/" }, { "name": "RHSA-2018:1737", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1737" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lkml.org/lkml/2017/4/2/13" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "name": "RHSA-2018:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "name": "RHSA-2018:1130", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "102367", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102367" }, { "name": "SUSE-SU-2018:0834", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" }, { "name": "SUSE-SU-2018:0848", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html" }, { "name": "SUSE-SU-2018:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3583-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K18352029" }, { "name": "SUSE-SU-2018:0555", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html" }, { "name": "openSUSE-SU-2018:0408", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html" }, { "name": "SUSE-SU-2018:0986", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html" }, { "name": "SUSE-SU-2018:0416", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html" }, { "name": "SUSE-SU-2018:0482", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html" }, { "name": "SUSE-SU-2018:0841", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3583-2" }, { "name": "SUSE-SU-2018:0660", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-08T11:33:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://patchwork.ozlabs.org/patch/746618/" }, { "name": "RHSA-2018:1737", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1737" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lkml.org/lkml/2017/4/2/13" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "name": "RHSA-2018:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "name": "RHSA-2018:1130", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "102367", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102367" }, { "name": "SUSE-SU-2018:0834", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" }, { "name": "SUSE-SU-2018:0848", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html" }, { "name": "SUSE-SU-2018:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3583-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K18352029" }, { "name": "SUSE-SU-2018:0555", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html" }, { "name": "openSUSE-SU-2018:0408", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html" }, { "name": "SUSE-SU-2018:0986", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html" }, { "name": "SUSE-SU-2018:0416", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html" }, { "name": "SUSE-SU-2018:0482", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html" }, { "name": "SUSE-SU-2018:0841", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3583-2" }, { "name": "SUSE-SU-2018:0660", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3583-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "http://patchwork.ozlabs.org/patch/746618/", "refsource": "MISC", "url": "http://patchwork.ozlabs.org/patch/746618/" }, { "name": "RHSA-2018:1737", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1737" }, { "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36", "refsource": "MISC", "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36" }, { "name": "https://lkml.org/lkml/2017/4/2/13", "refsource": "MISC", "url": "https://lkml.org/lkml/2017/4/2/13" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "USN-3583-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765" }, { "name": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "name": "RHSA-2018:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "name": "RHSA-2018:1130", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "102367", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102367" }, { "name": "SUSE-SU-2018:0834", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" }, { "name": "SUSE-SU-2018:0848", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html" }, { "name": "SUSE-SU-2018:0383", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html" }, { "name": "USN-3583-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3583-1" }, { "name": "https://support.f5.com/csp/article/K18352029", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K18352029" }, { "name": "SUSE-SU-2018:0555", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html" }, { "name": "openSUSE-SU-2018:0408", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html" }, { "name": "SUSE-SU-2018:0986", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html" }, { "name": "SUSE-SU-2018:0416", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html" }, { "name": "SUSE-SU-2018:0482", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html" }, { "name": "SUSE-SU-2018:0841", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html" }, { "name": "USN-3583-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3583-2" }, { "name": "SUSE-SU-2018:0660", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html" }, { "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18017", "datePublished": "2018-01-03T06:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T21:06:50.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13166
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 22:40
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://www.debian.org/security/2018/dsa-4120 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2018:1062 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1319 | vendor-advisory, x_refsource_REDHAT | |
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:2948 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:0676 | vendor-advisory, x_refsource_REDHAT | |
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:1170 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1130 | vendor-advisory, x_refsource_REDHAT | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "DSA-4120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "RHSA-2018:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "name": "RHSA-2018:1130", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-30T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "DSA-4120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "RHSA-2018:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "name": "RHSA-2018:1130", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "DSA-4120", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "RHSA-2018:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "name": "RHSA-2018:1130", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13166", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:40:26.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1108
Vulnerability from cvelistv5
Published
2018-05-21 21:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3752-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3752-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3718-2/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/104055 | vdb-entry, x_refsource_BID | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3718-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3752-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108 | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:48.721Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "USN-3718-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3718-2/" }, { "name": "104055", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104055" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3718-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3718-1/" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "drivers", "vendor": "kernel", "versions": [ { "status": "affected", "version": "kernel 4.17-rc1" } ] } ], "datePublic": "2018-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel\u0027s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "CWE-330", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-01T13:06:38", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "USN-3718-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3718-2/" }, { "name": "104055", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104055" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3718-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3718-1/" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "drivers", "version": { "version_data": [ { "version_value": "kernel 4.17-rc1" } ] } } ] }, "vendor_name": "kernel" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel\u0027s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated." } ] }, "impact": { "cvss": [ [ { "vectorString": "5.9/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-330" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3752-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "USN-3718-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3718-2/" }, { "name": "104055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104055" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3718-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3718-1/" }, { "name": "USN-3752-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-1/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1108", "datePublished": "2018-05-21T21:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:48.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1000199
Vulnerability from cvelistv5
Published
2018-05-24 13:00
Modified
2024-08-05 12:40
Severity ?
EPSS score ?
Summary
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:40:46.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "RHSA-2018:1347", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1347" }, { "name": "RHSA-2018:1348", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1348" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:1354", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1354" }, { "name": "1040806", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040806" }, { "name": "RHSA-2018:1355", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:1345", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1345" }, { "name": "RHSA-2018:1318", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "RHSA-2018:1374", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1374" }, { "name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2018/4/6/813" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3641-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3641-2/" }, { "name": "USN-3641-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3641-1/" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-05-18T00:00:00", "datePublic": "2018-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-13T08:13:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "RHSA-2018:1347", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1347" }, { "name": "RHSA-2018:1348", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1348" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:1354", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1354" }, { "name": "1040806", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040806" }, { "name": "RHSA-2018:1355", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:1345", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1345" }, { "name": "RHSA-2018:1318", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "RHSA-2018:1374", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1374" }, { "name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2018/4/6/813" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3641-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3641-2/" }, { "name": "USN-3641-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3641-1/" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-05-18T21:46:02.320084", "DATE_REQUESTED": "2018-04-17T08:55:55", "ID": "CVE-2018-1000199", "REQUESTER": "luto@kernel.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "RHSA-2018:1347", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1347" }, { "name": "RHSA-2018:1348", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1348" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:1354", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1354" }, { "name": "1040806", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040806" }, { "name": "RHSA-2018:1355", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:1345", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1345" }, { "name": "RHSA-2018:1318", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "RHSA-2018:1374", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1374" }, { "name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation", "refsource": "MLIST", "url": "https://lkml.org/lkml/2018/4/6/813" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3641-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3641-2/" }, { "name": "USN-3641-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3641-1/" }, { "name": "openSUSE-SU-2020:0801", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000199", "datePublished": "2018-05-24T13:00:00", "dateReserved": "2018-04-17T00:00:00", "dateUpdated": "2024-08-05T12:40:46.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-6927
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-08-05 06:17
Severity ?
EPSS score ?
Summary
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:17:17.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3697-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3697-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0654", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0654" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a" }, { "name": "USN-3697-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "103023", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103023" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-12T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3697-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3697-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0654", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0654" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a" }, { "name": "USN-3697-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "103023", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103023" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3697-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3697-1/" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0654", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0654" }, { "name": "https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a" }, { "name": "USN-3697-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "103023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103023" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15", "refsource": "MISC", "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15" }, { "name": "USN-3698-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "USN-3698-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6927", "datePublished": "2018-02-12T19:00:00", "dateReserved": "2018-02-12T00:00:00", "dateUpdated": "2024-08-05T06:17:17.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16914
Vulnerability from cvelistv5
Published
2018-01-31 22:00
Modified
2024-09-17 01:42
Severity ?
EPSS score ?
Summary
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Flexera Software LLC | Linux Kernel |
Version: Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:21.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/80722/" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102150", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102150" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Flexera Software LLC", "versions": [ { "status": "affected", "version": "Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107" } ] } ], "datePublic": "2018-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service (NULL pointer dereference)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-24T09:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/80722/" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102150", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102150" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "DATE_PUBLIC": "2018-01-31T00:00:00", "ID": "CVE-2017-16914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107" } ] } } ] }, "vendor_name": "Flexera Software LLC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service (NULL pointer dereference)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49" }, { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "https://www.spinics.net/lists/linux-usb/msg163480.html", "refsource": "MISC", "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "https://secuniaresearch.flexerasoftware.com/advisories/80722/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/80722/" }, { "name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102150", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102150" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2017-16914", "datePublished": "2018-01-31T22:00:00Z", "dateReserved": "2017-11-21T00:00:00", "dateUpdated": "2024-09-17T01:42:05.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8822
Vulnerability from cvelistv5
Published
2018-03-20 00:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory | |
https://usn.ubuntu.com/3654-1/ | vendor-advisory | |
http://www.securityfocus.com/bid/103476 | vdb-entry | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory | |
https://www.mail-archive.com/netdev%40vger.kernel.org/msg223373.html | ||
https://usn.ubuntu.com/3653-2/ | vendor-advisory | |
https://usn.ubuntu.com/3655-1/ | vendor-advisory | |
https://usn.ubuntu.com/3654-2/ | vendor-advisory | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | mailing-list | |
https://usn.ubuntu.com/3655-2/ | vendor-advisory | |
https://usn.ubuntu.com/3656-1/ | vendor-advisory | |
https://usn.ubuntu.com/3653-1/ | vendor-advisory | |
https://usn.ubuntu.com/3657-1/ | vendor-advisory | |
http://www.openwall.com/lists/oss-security/2022/12/27/3 | mailing-list |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:02:26.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "103476", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103476" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_transferred" ], "url": "https://www.mail-archive.com/netdev%40vger.kernel.org/msg223373.html" }, { "name": "USN-3653-2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "USN-3653-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "USN-3657-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3657-1/" }, { "name": "[oss-security] 20221227 Re: Details on this supposed Linux Kernel ksmbd RCE", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/27/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-27T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "103476", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/103476" }, { "name": "DSA-4188", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "url": "https://www.mail-archive.com/netdev%40vger.kernel.org/msg223373.html" }, { "name": "USN-3653-2", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "USN-3653-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "USN-3657-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3657-1/" }, { "name": "[oss-security] 20221227 Re: Details on this supposed Linux Kernel ksmbd RCE", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/27/3" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-8822", "datePublished": "2018-03-20T00:00:00", "dateReserved": "2018-03-20T00:00:00", "dateUpdated": "2024-08-05T07:02:26.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16526
Vulnerability from cvelistv5
Published
2017-11-04 01:00
Modified
2024-08-05 20:27
Severity ?
EPSS score ?
Summary
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3754-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:27:03.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-11-03T00:00:00", "descriptions": [ { "lang": "en", "value": "drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-24T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16526", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ", "refsource": "MISC", "url": "https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ" }, { "name": "https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16526", "datePublished": "2017-11-04T01:00:00", "dateReserved": "2017-11-03T00:00:00", "dateUpdated": "2024-08-05T20:27:03.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18193
Vulnerability from cvelistv5
Published
2018-02-22 15:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
References
▼ | URL | Tags |
---|---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0 | x_refsource_MISC | |
https://usn.ubuntu.com/3654-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/103147 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3654-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3656-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "103147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103147" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-23T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "103147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103147" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "103147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103147" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18193", "datePublished": "2018-02-22T15:00:00", "dateReserved": "2018-02-22T00:00:00", "dateUpdated": "2024-08-05T21:13:49.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1066
Vulnerability from cvelistv5
Published
2018-03-02 08:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
References
▼ | URL | Tags |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html | mailing-list, x_refsource_MLIST | |
https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3880-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://bugzilla.redhat.com/show_bug.cgi?id=1539599 | x_refsource_MISC | |
https://usn.ubuntu.com/3880-2/ | vendor-advisory, x_refsource_UBUNTU | |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb | x_refsource_MISC | |
https://patchwork.kernel.org/patch/10187633/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/103378 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel 4.11 |
Version: Linux kernel 4.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:47.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3880-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3880-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539599" }, { "name": "USN-3880-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3880-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://patchwork.kernel.org/patch/10187633/" }, { "name": "103378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103378" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel 4.11", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 4.11" } ] } ], "datePublic": "2018-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery." } ], "problemTypes": [ { "descriptions": [ { "description": "NULL pointer dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-19T11:06:07", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3880-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3880-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539599" }, { "name": "USN-3880-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3880-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb" }, { "tags": [ "x_refsource_MISC" ], "url": "https://patchwork.kernel.org/patch/10187633/" }, { "name": "103378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103378" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1066", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel 4.11", "version": { "version_data": [ { "version_value": "Linux kernel 4.11" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "NULL pointer dereference" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3880-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3880-1/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1539599", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539599" }, { "name": "USN-3880-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3880-2/" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb" }, { "name": "https://patchwork.kernel.org/patch/10187633/", "refsource": "MISC", "url": "https://patchwork.kernel.org/patch/10187633/" }, { "name": "103378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103378" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1066", "datePublished": "2018-03-02T08:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:47.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7480
Vulnerability from cvelistv5
Published
2018-02-25 20:00
Modified
2024-08-05 06:31
Severity ?
EPSS score ?
Summary
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
References
▼ | URL | Tags |
---|---|---|
https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258 | x_refsource_MISC | |
https://usn.ubuntu.com/3654-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258 | x_refsource_MISC | |
https://usn.ubuntu.com/3654-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3656-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.602Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-23T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7480", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7480", "datePublished": "2018-02-25T20:00:00", "dateReserved": "2018-02-25T00:00:00", "dateUpdated": "2024-08-05T06:31:03.602Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18232
Vulnerability from cvelistv5
Published
2018-03-15 04:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:3083 | vendor-advisory, x_refsource_REDHAT | |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/103423 | vdb-entry, x_refsource_BID | |
https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d | x_refsource_MISC | |
https://access.redhat.com/errata/RHSA-2018:3096 | vendor-advisory, x_refsource_REDHAT | |
https://usn.ubuntu.com/4163-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/4163-2/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "103423", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103423" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-4163-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4163-1/" }, { "name": "USN-4163-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4163-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-23T05:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "103423", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103423" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-4163-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4163-1/" }, { "name": "USN-4163-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4163-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18232", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3083", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "103423", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103423" }, { "name": "https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d" }, { "name": "RHSA-2018:3096", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-4163-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4163-1/" }, { "name": "USN-4163-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4163-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18232", "datePublished": "2018-03-15T04:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T21:13:49.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18218
Vulnerability from cvelistv5
Published
2018-03-05 20:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.
References
▼ | URL | Tags |
---|---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2 | x_refsource_MISC | |
http://www.securityfocus.com/bid/103277 | vdb-entry, x_refsource_BID | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/torvalds/linux/commit/27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2" }, { "name": "103277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103277" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-02T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2" }, { "name": "103277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103277" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18218", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2" }, { "name": "103277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103277" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "https://github.com/torvalds/linux/commit/27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18218", "datePublished": "2018-03-05T20:00:00", "dateReserved": "2018-03-05T00:00:00", "dateUpdated": "2024-08-05T21:13:49.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16911
Vulnerability from cvelistv5
Published
2018-01-31 22:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Flexera Software LLC | Linux Kernel |
Version: Before version 4.14.8 and 4.4.114 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:21.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/80454/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102156", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102156" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Flexera Software LLC", "versions": [ { "status": "affected", "version": "Before version 4.14.8 and 4.4.114" } ] } ], "datePublic": "2018-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP." } ], "problemTypes": [ { "descriptions": [ { "description": "Kernel memory address disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-24T09:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/80454/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102156", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102156" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "DATE_PUBLIC": "2018-01-31T00:00:00", "ID": "CVE-2017-16911", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "Before version 4.14.8 and 4.4.114" } ] } } ] }, "vendor_name": "Flexera Software LLC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Kernel memory address disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "name": "https://secuniaresearch.flexerasoftware.com/advisories/80454/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/80454/" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5" }, { "name": "https://www.spinics.net/lists/linux-usb/msg163480.html", "refsource": "MISC", "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102156", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102156" }, { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2017-16911", "datePublished": "2018-01-31T22:00:00Z", "dateReserved": "2017-11-21T00:00:00", "dateUpdated": "2024-09-16T23:06:46.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1068
Vulnerability from cvelistv5
Published
2018-03-16 16:00
Modified
2024-09-16 16:13
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux Kernel Organization, Inc. | Linux Kernel |
Version: 4.x |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:47.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:1355", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103459", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103459" }, { "name": "RHSA-2018:1318", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Linux Kernel Organization, Inc.", "versions": [ { "status": "affected", "version": "4.x" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-10T15:06:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:1355", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103459", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103459" }, { "name": "RHSA-2018:1318", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2018-1068", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "4.x" } ] } } ] }, "vendor_name": "Linux Kernel Organization, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "refsource": "MLIST", "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "name": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "name": "USN-3674-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:1355", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103459" }, { "name": "RHSA-2018:1318", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "USN-3677-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "refsource": "MLIST", "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:4159", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4159" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1068", "datePublished": "2018-03-16T16:00:00Z", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-09-16T16:13:09.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5332
Vulnerability from cvelistv5
Published
2018-01-11 07:00
Modified
2024-08-05 05:33
Severity ?
EPSS score ?
Summary
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:43.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c" }, { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "USN-3620-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3620-2/" }, { "name": "102507", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102507" }, { "name": "RHSA-2018:0470", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0470" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "USN-3620-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3620-1/" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-05T20:14:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c" }, { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "USN-3620-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3620-2/" }, { "name": "102507", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102507" }, { "name": "RHSA-2018:0470", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0470" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "USN-3620-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3620-1/" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5332", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c" }, { "name": "USN-3617-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3632-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "USN-3620-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3620-2/" }, { "name": "102507", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102507" }, { "name": "RHSA-2018:0470", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0470" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "USN-3620-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3620-1/" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5332", "datePublished": "2018-01-11T07:00:00", "dateReserved": "2018-01-11T00:00:00", "dateUpdated": "2024-08-05T05:33:43.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1065
Vulnerability from cvelistv5
Published
2018-03-02 08:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1040446 | vdb-entry, x_refsource_SECTRACK | |
https://usn.ubuntu.com/3654-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2018:2948 | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1547824 | x_refsource_MISC | |
https://usn.ubuntu.com/3654-2/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.openwall.net/netdev/2018/01/27/46 | x_refsource_MISC | |
https://usn.ubuntu.com/3656-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://patchwork.ozlabs.org/patch/870355/ | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8 | x_refsource_MISC | |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel 4.15.0-rc9 |
Version: Linux kernel 4.15.0-rc9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:47.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040446", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040446" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.openwall.net/netdev/2018/01/27/46" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://patchwork.ozlabs.org/patch/870355/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel 4.15.0-rc9", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 4.15.0-rc9" } ] } ], "datePublic": "2018-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c." } ], "problemTypes": [ { "descriptions": [ { "description": "NULL pointer dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1040446", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040446" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.openwall.net/netdev/2018/01/27/46" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://patchwork.ozlabs.org/patch/870355/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1065", "datePublished": "2018-03-02T08:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:47.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7492
Vulnerability from cvelistv5
Published
2018-02-26 20:00
Modified
2024-08-05 06:31
Severity ?
EPSS score ?
Summary
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "103185", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103185" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://patchwork.kernel.org/patch/10096441/" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "103185", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103185" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393" }, { "tags": [ "x_refsource_MISC" ], "url": "https://patchwork.kernel.org/patch/10096441/" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca" }, { "tags": [ "x_refsource_MISC" ], "url": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7492", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "103185", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103185" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3674-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "USN-3674-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393" }, { "name": "https://patchwork.kernel.org/patch/10096441/", "refsource": "MISC", "url": "https://patchwork.kernel.org/patch/10096441/" }, { "name": "USN-3677-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7", "refsource": "MISC", "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca" }, { "name": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/", "refsource": "MISC", "url": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7492", "datePublished": "2018-02-26T20:00:00", "dateReserved": "2018-02-26T00:00:00", "dateUpdated": "2024-08-05T06:31:03.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5715
Vulnerability from cvelistv5
Published
2018-01-04 13:00
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Intel Corporation | Microprocessors with Speculative Execution |
Version: All |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:11:48.456Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" }, { "name": "USN-3560-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3560-1/" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3542-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3542-2/" }, { "name": "GLSA-201810-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-06" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "USN-3540-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3540-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" }, { "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "name": "USN-3597-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3597-1/" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "SUSE-SU-2018:0012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" }, { "name": "DSA-4213", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4213" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" }, { "name": "DSA-4120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "openSUSE-SU-2018:0013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html" }, { "name": "USN-3580-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3580-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K91229003" }, { "name": "USN-3531-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3531-3/" }, { "name": "USN-3620-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3620-2/" }, { "name": "openSUSE-SU-2018:0022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" }, { "name": "USN-3582-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3582-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:0292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-254.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" }, { "name": "SUSE-SU-2018:0019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_18_01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" }, { "name": "102376", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102376" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "USN-3594-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3594-1/" }, { "name": "VU#584653", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/584653" }, { "name": "VU#180049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/180049" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "name": "SUSE-SU-2018:0009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html" }, { "name": "USN-3690-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3690-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html" }, { "name": "USN-3549-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3549-1/" }, { "name": "SUSE-SU-2018:0007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.citrix.com/article/CTX231399" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://spectreattack.com/" }, { "name": "USN-3531-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3531-1/" }, { "name": "FreeBSD-SA-18:03", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" }, { "name": "SUSE-SU-2018:0006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html" }, { "name": "USN-3581-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3581-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" }, { "name": "1040071", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040071" }, { "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr" }, { "name": "USN-3597-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3597-2/" }, { "name": "USN-3581-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3581-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" }, { "name": "SUSE-SU-2018:0010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" }, { "name": "USN-3516-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/usn/usn-3516-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html" }, { "name": "43427", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43427/" }, { "name": "SUSE-SU-2018:0020", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html" }, { "name": "USN-3541-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3541-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/us/en/solutions/LEN-18282" }, { "name": "USN-3777-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3777-3/" }, { "name": "openSUSE-SU-2018:0023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html" }, { "name": "SUSE-SU-2018:0008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" }, { "name": "USN-3561-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3561-1/" }, { "name": "USN-3582-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3582-2/" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2017-5715" }, { "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html" }, { "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microprocessors with Speculative Execution", "vendor": "Intel Corporation", "versions": [ { "status": "affected", "version": "All" } ] } ], "datePublic": "2018-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-16T08:06:27", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" }, { "name": "USN-3560-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3560-1/" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3542-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3542-2/" }, { "name": "GLSA-201810-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-06" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "USN-3540-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3540-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" }, { "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "name": "USN-3597-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3597-1/" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "SUSE-SU-2018:0012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" }, { "name": "DSA-4213", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4213" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" }, { "name": "DSA-4120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "openSUSE-SU-2018:0013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html" }, { "name": "USN-3580-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3580-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K91229003" }, { "name": "USN-3531-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3531-3/" }, { "name": "USN-3620-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3620-2/" }, { "name": "openSUSE-SU-2018:0022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" }, { "name": "USN-3582-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3582-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:0292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xenbits.xen.org/xsa/advisory-254.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" }, { "name": "SUSE-SU-2018:0019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_18_01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" }, { "name": "102376", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102376" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "USN-3594-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3594-1/" }, { "name": "VU#584653", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/584653" }, { "name": "VU#180049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/180049" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "name": "SUSE-SU-2018:0009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html" }, { "name": "USN-3690-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3690-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html" }, { "name": "USN-3549-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3549-1/" }, { "name": "SUSE-SU-2018:0007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.citrix.com/article/CTX231399" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://spectreattack.com/" }, { "name": "USN-3531-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3531-1/" }, { "name": "FreeBSD-SA-18:03", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" }, { "name": "SUSE-SU-2018:0006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html" }, { "name": "USN-3581-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3581-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" }, { "name": "1040071", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040071" }, { "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr" }, { "name": "USN-3597-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3597-2/" }, { "name": "USN-3581-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3581-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" }, { "name": "SUSE-SU-2018:0010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" }, { "name": "USN-3516-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/usn/usn-3516-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html" }, { "name": "43427", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43427/" }, { "name": "SUSE-SU-2018:0020", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html" }, { "name": "USN-3541-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3541-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/us/en/solutions/LEN-18282" }, { "name": "USN-3777-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3777-3/" }, { "name": "openSUSE-SU-2018:0023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html" }, { "name": "SUSE-SU-2018:0008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" }, { "name": "USN-3561-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3561-1/" }, { "name": "USN-3582-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3582-2/" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.paloaltonetworks.com/CVE-2017-5715" }, { "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html" }, { "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2018-01-03T00:00:00", "ID": "CVE-2017-5715", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microprocessors with Speculative Execution", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" }, { "name": "USN-3560-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3560-1/" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3542-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3542-2/" }, { "name": "GLSA-201810-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-06" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "USN-3540-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3540-2/" }, { "name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" }, { "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "name": "USN-3597-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3597-1/" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "SUSE-SU-2018:0012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" }, { "name": "SUSE-SU-2018:0011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" }, { "name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", "refsource": "MISC", "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" }, { "name": "DSA-4213", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4213" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2018-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" }, { "name": "DSA-4120", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "openSUSE-SU-2018:0013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html" }, { "name": "USN-3580-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3580-1/" }, { "name": "https://support.f5.com/csp/article/K91229003", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K91229003" }, { "name": "USN-3531-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3531-3/" }, { "name": "USN-3620-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3620-2/" }, { "name": "openSUSE-SU-2018:0022", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" }, { "name": "USN-3582-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3582-1/" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:0292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0292" }, { "name": "http://xenbits.xen.org/xsa/advisory-254.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-254.html" }, { "name": "https://security.netapp.com/advisory/ntap-20180104-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" }, { "name": "SUSE-SU-2018:0019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_01", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_01" }, { "name": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" }, { "name": "102376", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102376" }, { "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "refsource": "CONFIRM", "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "USN-3594-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3594-1/" }, { "name": "VU#584653", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/584653" }, { "name": "VU#180049", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/180049" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2018-003", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" }, { "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "name": "SUSE-SU-2018:0009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html" }, { "name": "USN-3690-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3690-1/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" }, { "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", "refsource": "CONFIRM", "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us" }, { "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html" }, { "name": "USN-3549-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3549-1/" }, { "name": "SUSE-SU-2018:0007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html" }, { "name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", "refsource": "CONFIRM", "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" }, { "name": "https://support.citrix.com/article/CTX231399", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX231399" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "https://spectreattack.com/", "refsource": "MISC", "url": "https://spectreattack.com/" }, { "name": "USN-3531-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3531-1/" }, { "name": "FreeBSD-SA-18:03", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc" }, { "name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", "refsource": "CONFIRM", "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" }, { "name": "SUSE-SU-2018:0006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html" }, { "name": "USN-3581-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3581-1/" }, { "name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", "refsource": "CONFIRM", "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" }, { "name": "1040071", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040071" }, { "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html" }, { "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr", "refsource": "CONFIRM", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr" }, { "name": "USN-3597-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3597-2/" }, { "name": "USN-3581-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3581-2/" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" }, { "name": "SUSE-SU-2018:0010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" }, { "name": "USN-3516-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/usn/usn-3516-1/" }, { "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html" }, { "name": "43427", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43427/" }, { "name": "SUSE-SU-2018:0020", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html" }, { "name": "USN-3541-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3541-2/" }, { "name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", "refsource": "MISC", "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" }, { "name": "https://support.lenovo.com/us/en/solutions/LEN-18282", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN-18282" }, { "name": "USN-3777-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3777-3/" }, { "name": "openSUSE-SU-2018:0023", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html" }, { "name": "SUSE-SU-2018:0008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" }, { "name": "USN-3561-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3561-1/" }, { "name": "USN-3582-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3582-2/" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "https://security.paloaltonetworks.com/CVE-2017-5715", "refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2017-5715" }, { "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html" }, { "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2017-5715", "datePublished": "2018-01-04T13:00:00Z", "dateReserved": "2017-02-01T00:00:00", "dateUpdated": "2024-09-17T03:28:57.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5753
Vulnerability from cvelistv5
Published
2018-01-04 13:00
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Intel Corporation | Most Modern Operating Systems |
Version: All |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:11:48.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3542-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3542-2/" }, { "name": "GLSA-201810-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-06" }, { "name": "USN-3540-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3540-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" }, { "name": "USN-3597-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3597-1/" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "SUSE-SU-2018:0012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" }, { "name": "USN-3580-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3580-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K91229003" }, { "name": "openSUSE-SU-2018:0022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:0292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-254.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_18_01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" }, { "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "VU#584653", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/584653" }, { "name": "VU#180049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/180049" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us" }, { "name": "USN-3549-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3549-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.citrix.com/article/CTX231399" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://spectreattack.com/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" }, { "name": "1040071", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040071" }, { "name": "102371", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102371" }, { "name": "USN-3597-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3597-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" }, { "name": "SUSE-SU-2018:0010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" }, { "name": "USN-3540-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3540-1/" }, { "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" }, { "name": "USN-3516-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/usn/usn-3516-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html" }, { "name": "43427", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43427/" }, { "name": "USN-3541-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3541-1/" }, { "name": "USN-3541-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3541-2/" }, { "name": "USN-3542-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3542-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/us/en/solutions/LEN-18282" }, { "name": "openSUSE-SU-2018:0023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" }, { "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" }, { "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Most Modern Operating Systems", "vendor": "Intel Corporation", "versions": [ { "status": "affected", "version": "All" } ] } ], "datePublic": "2018-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-19T17:48:07", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3542-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3542-2/" }, { "name": "GLSA-201810-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-06" }, { "name": "USN-3540-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3540-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" }, { "name": "USN-3597-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3597-1/" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "SUSE-SU-2018:0012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" }, { "name": "USN-3580-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3580-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K91229003" }, { "name": "openSUSE-SU-2018:0022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:0292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xenbits.xen.org/xsa/advisory-254.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_18_01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" }, { "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "VU#584653", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/584653" }, { "name": "VU#180049", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/180049" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us" }, { "name": "USN-3549-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3549-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.citrix.com/article/CTX231399" }, { "tags": [ "x_refsource_MISC" ], "url": "https://spectreattack.com/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" }, { "name": "1040071", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040071" }, { "name": "102371", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102371" }, { "name": "USN-3597-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3597-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" }, { "name": "SUSE-SU-2018:0010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" }, { "name": "USN-3540-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3540-1/" }, { "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" }, { "name": "USN-3516-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/usn/usn-3516-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html" }, { "name": "43427", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43427/" }, { "name": "USN-3541-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3541-1/" }, { "name": "USN-3541-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3541-2/" }, { "name": "USN-3542-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3542-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/us/en/solutions/LEN-18282" }, { "name": "openSUSE-SU-2018:0023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" }, { "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" }, { "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2018-01-03T00:00:00", "ID": "CVE-2017-5753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Most Modern Operating Systems", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3542-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3542-2/" }, { "name": "GLSA-201810-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-06" }, { "name": "USN-3540-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3540-2/" }, { "name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002" }, { "name": "USN-3597-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3597-1/" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "SUSE-SU-2018:0012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" }, { "name": "SUSE-SU-2018:0011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" }, { "name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", "refsource": "MISC", "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2018-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" }, { "name": "USN-3580-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3580-1/" }, { "name": "https://support.f5.com/csp/article/K91229003", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K91229003" }, { "name": "openSUSE-SU-2018:0022", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:0292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0292" }, { "name": "http://xenbits.xen.org/xsa/advisory-254.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-254.html" }, { "name": "https://security.netapp.com/advisory/ntap-20180104-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_01", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_01" }, { "name": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt" }, { "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" }, { "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "refsource": "CONFIRM", "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "VU#584653", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/584653" }, { "name": "VU#180049", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/180049" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2018-003", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" }, { "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us" }, { "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", "refsource": "CONFIRM", "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us" }, { "name": "USN-3549-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3549-1/" }, { "name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", "refsource": "CONFIRM", "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" }, { "name": "https://support.citrix.com/article/CTX231399", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX231399" }, { "name": "https://spectreattack.com/", "refsource": "MISC", "url": "https://spectreattack.com/" }, { "name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", "refsource": "CONFIRM", "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/" }, { "name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", "refsource": "CONFIRM", "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" }, { "name": "1040071", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040071" }, { "name": "102371", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102371" }, { "name": "USN-3597-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3597-2/" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" }, { "name": "SUSE-SU-2018:0010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" }, { "name": "USN-3540-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3540-1/" }, { "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel" }, { "name": "USN-3516-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/usn/usn-3516-1/" }, { "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html" }, { "name": "43427", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43427/" }, { "name": "USN-3541-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3541-1/" }, { "name": "USN-3541-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3541-2/" }, { "name": "USN-3542-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3542-1/" }, { "name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", "refsource": "MISC", "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" }, { "name": "https://support.lenovo.com/us/en/solutions/LEN-18282", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN-18282" }, { "name": "openSUSE-SU-2018:0023", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" }, { "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" }, { "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "https://cdrdv2.intel.com/v1/dl/getContent/685359", "refsource": "CONFIRM", "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2017-5753", "datePublished": "2018-01-04T13:00:00Z", "dateReserved": "2017-02-01T00:00:00", "dateUpdated": "2024-09-16T22:24:53.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5333
Vulnerability from cvelistv5
Published
2018-01-11 07:00
Modified
2024-08-05 05:33
Severity ?
EPSS score ?
Summary
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:43.683Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "102510", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102510" }, { "name": "RHSA-2018:0470", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0470" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-22T18:06:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "102510", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102510" }, { "name": "RHSA-2018:0470", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0470" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737" }, { "name": "USN-3632-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "USN-3583-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "102510", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102510" }, { "name": "RHSA-2018:0470", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0470" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5333", "datePublished": "2018-01-11T07:00:00", "dateReserved": "2018-01-11T00:00:00", "dateUpdated": "2024-08-05T05:33:43.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18216
Vulnerability from cvelistv5
Published
2018-03-05 18:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
References
▼ | URL | Tags |
---|---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=853bc26a7ea39e354b9f8889ae7ad1492ffa28d2 | x_refsource_MISC | |
https://usn.ubuntu.com/3776-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3776-2/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/103278 | vdb-entry, x_refsource_BID | |
https://github.com/torvalds/linux/commit/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3798-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3798-2/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.100Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=853bc26a7ea39e354b9f8889ae7ad1492ffa28d2" }, { "name": "USN-3776-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3776-1/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3776-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3776-2/" }, { "name": "103278", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103278" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-30T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=853bc26a7ea39e354b9f8889ae7ad1492ffa28d2" }, { "name": "USN-3776-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3776-1/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3776-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3776-2/" }, { "name": "103278", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103278" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18216", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=853bc26a7ea39e354b9f8889ae7ad1492ffa28d2", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=853bc26a7ea39e354b9f8889ae7ad1492ffa28d2" }, { "name": "USN-3776-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3776-1/" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3776-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3776-2/" }, { "name": "103278", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103278" }, { "name": "https://github.com/torvalds/linux/commit/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3798-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18216", "datePublished": "2018-03-05T18:00:00", "dateReserved": "2018-03-05T00:00:00", "dateUpdated": "2024-08-05T21:13:49.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7757
Vulnerability from cvelistv5
Published
2018-03-08 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:57.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4" }, { "name": "USN-3697-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3697-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "103348", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103348" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4" }, { "name": "USN-3697-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3697-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "103348", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103348" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3083", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4" }, { "name": "USN-3697-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3697-1/" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "103348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103348" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3698-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2018:3096", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4" }, { "name": "USN-3698-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7757", "datePublished": "2018-03-08T14:00:00", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:57.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1093
Vulnerability from cvelistv5
Published
2018-04-02 03:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel through version 4.15 |
Version: Linux kernel through version 4.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:49.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3676-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3676-1/" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2018/03/29/1" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199181" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560782" }, { "name": "USN-3676-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3676-2/" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel through version 4.15", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel through version 4.15" } ] } ], "datePublic": "2018-04-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers." } ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-29T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3676-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3676-1/" }, { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2018/03/29/1" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199181" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560782" }, { "name": "USN-3676-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3676-2/" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-1/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1093", "datePublished": "2018-04-02T03:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:49.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16912
Vulnerability from cvelistv5
Published
2018-01-31 22:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Flexera Software LLC | Linux Kernel |
Version: Before version 4.14.8, 4.9.71, and 4.4.114 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:21.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/77000/" }, { "name": "102150", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102150" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Flexera Software LLC", "versions": [ { "status": "affected", "version": "Before version 4.14.8, 4.9.71, and 4.4.114" } ] } ], "datePublic": "2018-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"get_pipe()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service (out-of-bounds read)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-24T09:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/77000/" }, { "name": "102150", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102150" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "DATE_PUBLIC": "2018-01-31T00:00:00", "ID": "CVE-2017-16912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "Before version 4.14.8, 4.9.71, and 4.4.114" } ] } } ] }, "vendor_name": "Flexera Software LLC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"get_pipe()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service (out-of-bounds read)" } ] } ] }, "references": { "reference_data": [ { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "name": "https://www.spinics.net/lists/linux-usb/msg163480.html", "refsource": "MISC", "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43" }, { "name": "https://secuniaresearch.flexerasoftware.com/advisories/77000/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/77000/" }, { "name": "102150", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102150" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2017-16912", "datePublished": "2018-01-31T22:00:00Z", "dateReserved": "2017-11-21T00:00:00", "dateUpdated": "2024-09-17T03:48:33.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7995
Vulnerability from cvelistv5
Published
2018-03-09 15:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3654-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://bugzilla.suse.com/show_bug.cgi?id=1084755 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://lkml.org/lkml/2018/3/2/970 | x_refsource_MISC | |
http://www.securityfocus.com/bid/103356 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3654-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3656-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2018-7995", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-18T19:22:32.395652Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T19:22:44.686Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1084755" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lkml.org/lkml/2018/3/2/970" }, { "name": "103356", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103356" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck\u003ccpu number\u003e directory. NOTE: a third party has indicated that this report is not security relevant" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-23T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1084755" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lkml.org/lkml/2018/3/2/970" }, { "name": "103356", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103356" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7995", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck\u003ccpu number\u003e directory. NOTE: a third party has indicated that this report is not security relevant." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1084755", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1084755" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "https://lkml.org/lkml/2018/3/2/970", "refsource": "MISC", "url": "https://lkml.org/lkml/2018/3/2/970" }, { "name": "103356", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103356" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7995", "datePublished": "2018-03-09T15:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2024-08-05T06:37:59.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18224
Vulnerability from cvelistv5
Published
2018-03-12 03:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
References
▼ | URL | Tags |
---|---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/103353 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "103353", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-02T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "103353", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18224", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f" }, { "name": "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "103353", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103353" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18224", "datePublished": "2018-03-12T03:00:00", "dateReserved": "2018-03-11T00:00:00", "dateUpdated": "2024-08-05T21:13:49.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18257
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3696-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3696-2/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3696-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3696-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3696-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3696-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-03T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3696-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3696-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3696-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3696-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3696-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3696-1/" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143" }, { "name": "https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3696-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3696-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18257", "datePublished": "2018-04-04T17:00:00", "dateReserved": "2018-04-04T00:00:00", "dateUpdated": "2024-08-05T21:13:49.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8087
Vulnerability from cvelistv5
Published
2018-03-13 06:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:46:13.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3676-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3676-1/" }, { "name": "USN-3678-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3678-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51" }, { "name": "USN-3678-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3678-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "103397", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103397" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3678-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3678-3/" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3676-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3676-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51" }, { "name": "USN-3678-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3678-4/" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T16:06:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3676-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3676-1/" }, { "name": "USN-3678-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3678-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51" }, { "name": "USN-3678-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3678-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "103397", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103397" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3678-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3678-3/" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3676-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3676-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51" }, { "name": "USN-3678-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3678-4/" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-8087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3676-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3676-1/" }, { "name": "USN-3678-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3678-2/" }, { "name": "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51" }, { "name": "USN-3678-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3678-1/" }, { "name": "USN-3677-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "103397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103397" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3678-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3678-3/" }, { "name": "USN-3677-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3676-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3676-2/" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51" }, { "name": "USN-3678-4", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3678-4/" }, { "name": "RHSA-2019:2043", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-8087", "datePublished": "2018-03-13T06:00:00", "dateReserved": "2018-03-13T00:00:00", "dateUpdated": "2024-08-05T06:46:13.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17975
Vulnerability from cvelistv5
Published
2017-12-30 01:00
Modified
2024-08-05 21:06
Severity ?
EPSS score ?
Summary
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102330 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3654-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3653-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3654-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3656-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3653-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3657-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:06:49.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102330" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3653-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "USN-3653-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "USN-3657-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3657-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label\u0027s code attempts to both access and free this data structure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-23T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "102330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102330" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3653-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "USN-3653-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "USN-3657-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3657-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17975", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label\u0027s code attempts to both access and free this data structure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "102330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102330" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html", "refsource": "MISC", "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3653-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "USN-3653-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "USN-3657-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3657-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17975", "datePublished": "2017-12-30T01:00:00", "dateReserved": "2017-12-29T00:00:00", "dateUpdated": "2024-08-05T21:06:49.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16913
Vulnerability from cvelistv5
Published
2018-01-31 22:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Flexera Software LLC | Linux Kernel |
Version: Before version 4.14.8, 4.9.71, and 4.4.114 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:21.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/80601/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102150", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102150" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Flexera Software LLC", "versions": [ { "status": "affected", "version": "Before version 4.14.8, 4.9.71, and 4.4.114" } ] } ], "datePublic": "2018-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service (arbitrary memory allocation)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-24T09:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/80601/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102150", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102150" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "DATE_PUBLIC": "2018-01-31T00:00:00", "ID": "CVE-2017-16913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "Before version 4.14.8, 4.9.71, and 4.4.114" } ] } } ] }, "vendor_name": "Flexera Software LLC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service (arbitrary memory allocation)" } ] } ] }, "references": { "reference_data": [ { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "https://secuniaresearch.flexerasoftware.com/advisories/80601/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/80601/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366" }, { "name": "https://www.spinics.net/lists/linux-usb/msg163480.html", "refsource": "MISC", "url": "https://www.spinics.net/lists/linux-usb/msg163480.html" }, { "name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8" }, { "name": "102150", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102150" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2017-16913", "datePublished": "2018-01-31T22:00:00Z", "dateReserved": "2017-11-21T00:00:00", "dateUpdated": "2024-09-16T19:47:31.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-10323
Vulnerability from cvelistv5
Published
2018-04-24 06:00
Modified
2024-08-05 07:39
Severity ?
EPSS score ?
Summary
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3752-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3752-3/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/103959 | vdb-entry, x_refsource_BID | |
https://www.spinics.net/lists/linux-xfs/msg17254.html | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3754-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://bugzilla.kernel.org/show_bug.cgi?id=199423 | x_refsource_MISC | |
https://usn.ubuntu.com/3752-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/4486-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:39:07.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "103959", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103959" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.spinics.net/lists/linux-xfs/msg17254.html" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199423" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-1/" }, { "name": "USN-4486-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4486-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-08T18:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "103959", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103959" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.spinics.net/lists/linux-xfs/msg17254.html" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199423" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-1/" }, { "name": "USN-4486-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4486-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3752-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "103959", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103959" }, { "name": "https://www.spinics.net/lists/linux-xfs/msg17254.html", "refsource": "MISC", "url": "https://www.spinics.net/lists/linux-xfs/msg17254.html" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "https://bugzilla.kernel.org/show_bug.cgi?id=199423", "refsource": "MISC", "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199423" }, { "name": "USN-3752-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-1/" }, { "name": "USN-4486-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4486-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-10323", "datePublished": "2018-04-24T06:00:00", "dateReserved": "2018-04-24T00:00:00", "dateUpdated": "2024-08-05T07:39:07.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18203
Vulnerability from cvelistv5
Published
2018-02-27 20:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "103184", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103184" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed" }, { "name": "RHSA-2018:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "USN-3653-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "USN-3653-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "USN-3657-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3657-1/" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:4154", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4154" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-10T15:06:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "103184", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103184" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed" }, { "name": "RHSA-2018:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "USN-3653-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "USN-3653-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "USN-3657-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3657-1/" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:4154", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4154" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18203", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "103184", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103184" }, { "name": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed" }, { "name": "RHSA-2018:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3", "refsource": "MISC", "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "USN-3653-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-2/" }, { "name": "USN-3655-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3655-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "USN-3653-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-1/" }, { "name": "USN-3657-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3657-1/" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:4154", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4154" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18203", "datePublished": "2018-02-27T20:00:00", "dateReserved": "2018-02-27T00:00:00", "dateUpdated": "2024-08-05T21:13:49.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18222
Vulnerability from cvelistv5
Published
2018-03-08 14:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3654-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/103349 | vdb-entry, x_refsource_BID | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c | x_refsource_MISC | |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c | x_refsource_MISC | |
https://usn.ubuntu.com/3654-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3656-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "103349", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103349" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-23T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "103349", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103349" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18222", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "103349", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103349" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18222", "datePublished": "2018-03-08T14:00:00", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T21:13:49.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18241
Vulnerability from cvelistv5
Published
2018-03-21 16:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/torvalds/linux/commit/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 | x_refsource_MISC | |
https://usn.ubuntu.com/3910-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3910-2/ | vendor-advisory, x_refsource_UBUNTU | |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982" }, { "name": "USN-3910-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3910-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3910-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3910-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-21T00:00:00", "descriptions": [ { "lang": "en", "value": "fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-16T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982" }, { "name": "USN-3910-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3910-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3910-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3910-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "https://github.com/torvalds/linux/commit/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982" }, { "name": "USN-3910-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3910-1/" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3910-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3910-2/" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18241", "datePublished": "2018-03-21T16:00:00", "dateReserved": "2018-03-21T00:00:00", "dateUpdated": "2024-08-05T21:13:49.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13220
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 21:58
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://security-tracker.debian.org/tracker/CVE-2017-13220 | x_refsource_CONFIRM | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a | x_refsource_CONFIRM | |
https://bugzilla.suse.com/show_bug.cgi?id=1076537 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1536155 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3655-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3655-2/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-13220" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-30T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-13220" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3655-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13220", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2017-13220", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2017-13220" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1076537", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html", "refsource": "CONFIRM", "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html" }, { "name": "USN-3655-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13220", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T21:58:00.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5750
Vulnerability from cvelistv5
Published
2018-01-26 19:00
Modified
2024-08-05 05:40
Severity ?
EPSS score ?
Summary
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3631-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "1040319", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040319" }, { "name": "USN-3631-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "DSA-4120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "USN-3697-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3697-1/" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://patchwork.kernel.org/patch/10174835/" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3631-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "1040319", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040319" }, { "name": "USN-3631-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "DSA-4120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "USN-3697-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3697-1/" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://patchwork.kernel.org/patch/10174835/" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5750", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3631-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "1040319", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040319" }, { "name": "USN-3631-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "DSA-4120", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "USN-3697-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3697-1/" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "https://patchwork.kernel.org/patch/10174835/", "refsource": "CONFIRM", "url": "https://patchwork.kernel.org/patch/10174835/" }, { "name": "USN-3698-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3698-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5750", "datePublished": "2018-01-26T19:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-08-05T05:40:51.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0861
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "RHSA-2018:2390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "[secure-testing-commits] 20171206 r58306 - data/CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "102329", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102329" }, { "name": "RHSA-2020:0036", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0036" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:55", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "RHSA-2018:2390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "[secure-testing-commits] 20171206 r58306 - data/CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "102329", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102329" }, { "name": "RHSA-2020:0036", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0036" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3083", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "RHSA-2018:2390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "USN-3583-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "[secure-testing-commits] 20171206 r58306 - data/CVE", "refsource": "MLIST", "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "RHSA-2018:3096", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "102329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102329" }, { "name": "RHSA-2020:0036", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0036" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2017-0861", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0861", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:09:26.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8781
Vulnerability from cvelistv5
Published
2018-04-23 19:00
Modified
2024-09-16 23:56
Severity ?
EPSS score ?
Summary
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Check Point Software Technologies Ltd. | Linux Kernel |
Version: kernel version 3.4 and up to and including 4.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:02:26.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://patchwork.freedesktop.org/patch/211845/" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Check Point Software Technologies Ltd.", "versions": [ { "status": "affected", "version": "kernel version 3.4 and up to and including 4.15" } ] } ], "datePublic": "2018-03-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space." } ], "problemTypes": [ { "descriptions": [ { "description": "Local Privilege Escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "tags": [ "x_refsource_MISC" ], "url": "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "tags": [ "x_refsource_MISC" ], "url": "https://patchwork.freedesktop.org/patch/211845/" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "DATE_PUBLIC": "2018-03-21T00:00:00", "ID": "CVE-2018-8781", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "kernel version 3.4 and up to and including 4.15" } ] } } ] }, "vendor_name": "Check Point Software Technologies Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Local Privilege Escalation" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3083", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/", "refsource": "MISC", "url": "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3674-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "https://patchwork.freedesktop.org/patch/211845/", "refsource": "MISC", "url": "https://patchwork.freedesktop.org/patch/211845/" }, { "name": "USN-3677-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2018:3096", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3096" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2018-8781", "datePublished": "2018-04-23T19:00:00Z", "dateReserved": "2018-03-19T00:00:00", "dateUpdated": "2024-09-16T23:56:54.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7740
Vulnerability from cvelistv5
Published
2018-03-07 08:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:3083 | vendor-advisory, x_refsource_REDHAT | |
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3910-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4188 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3910-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://bugzilla.kernel.org/show_bug.cgi?id=199037 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103316 | vdb-entry, x_refsource_BID | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2018:3096 | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:57.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3910-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3910-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3910-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3910-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199037" }, { "name": "103316", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103316" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-16T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3910-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3910-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3910-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3910-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199037" }, { "name": "103316", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103316" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7740", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3083", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3910-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3910-1/" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3910-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3910-2/" }, { "name": "https://bugzilla.kernel.org/show_bug.cgi?id=199037", "refsource": "CONFIRM", "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199037" }, { "name": "103316", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103316" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "RHSA-2018:3096", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3096" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7740", "datePublished": "2018-03-07T08:00:00", "dateReserved": "2018-03-07T00:00:00", "dateUpdated": "2024-08-05T06:37:57.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5803
Vulnerability from cvelistv5
Published
2018-06-12 16:00
Modified
2024-08-05 05:47
Severity ?
EPSS score ?
Summary
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux Foundation | Linux Kernel |
Version: Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:47:55.973Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "81331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/81331/" }, { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51" }, { "name": "RHSA-2018:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "name": "USN-3697-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3697-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.spinics.net/lists/netdev/msg482523.html" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3697-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c" }, { "name": "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.spinics.net/lists/linux-sctp/msg07036.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-2/" }, { "name": "RHSA-2019:0641", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Linux Foundation", "versions": [ { "status": "affected", "version": "Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102." } ] } ], "datePublic": "2018-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-26T10:06:07", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "81331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/81331/" }, { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51" }, { "name": "RHSA-2018:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "name": "USN-3697-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3697-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.spinics.net/lists/netdev/msg482523.html" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3697-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c" }, { "name": "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.spinics.net/lists/linux-sctp/msg07036.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-2/" }, { "name": "RHSA-2019:0641", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2018-5803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102." } ] } } ] }, "vendor_name": "Linux Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "81331", "refsource": "SECUNIA", "url": "https://secuniaresearch.flexerasoftware.com/advisories/81331/" }, { "name": "RHSA-2018:3083", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51" }, { "name": "RHSA-2018:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "name": "USN-3697-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3697-1/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information", "refsource": "MLIST", "url": "https://www.spinics.net/lists/netdev/msg482523.html" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3697-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3697-2/" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c" }, { "name": "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending", "refsource": "MLIST", "url": "https://www.spinics.net/lists/linux-sctp/msg07036.html" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121" }, { "name": "USN-3698-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/" }, { "name": "RHSA-2018:3096", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3698-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-2/" }, { "name": "RHSA-2019:0641", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0641" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2018-5803", "datePublished": "2018-06-12T16:00:00", "dateReserved": "2018-01-19T00:00:00", "dateUpdated": "2024-08-05T05:47:55.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7566
Vulnerability from cvelistv5
Published
2018-03-30 21:00
Modified
2024-08-05 06:31
Severity ?
EPSS score ?
Summary
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:04.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3631-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3631-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "RHSA-2018:2390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "RHSA-2018:2395", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103605", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103605" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "[alsa-devel] 20180214 [PATCH] ALSA: seq: Fix racy pool initializations", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "SUSE-SU-2018:0834", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" }, { "name": "RHSA-2019:1483", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1483" }, { "name": "RHSA-2019:1487", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1487" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3631-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3631-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "RHSA-2018:2390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "RHSA-2018:2395", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103605", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103605" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "[alsa-devel] 20180214 [PATCH] ALSA: seq: Fix racy pool initializations", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "SUSE-SU-2018:0834", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" }, { "name": "RHSA-2019:1483", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1483" }, { "name": "RHSA-2019:1487", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1487" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7566", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3631-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3631-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "RHSA-2018:2390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "RHSA-2018:2395", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103605", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103605" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "[alsa-devel] 20180214 [PATCH] ALSA: seq: Fix racy pool initializations", "refsource": "MLIST", "url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html" }, { "name": "USN-3798-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "SUSE-SU-2018:0834", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" }, { "name": "RHSA-2019:1483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1483" }, { "name": "RHSA-2019:1487", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1487" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7566", "datePublished": "2018-03-30T21:00:00", "dateReserved": "2018-02-28T00:00:00", "dateUpdated": "2024-08-05T06:31:04.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1092
Vulnerability from cvelistv5
Published
2018-04-02 03:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel through version 4.15 |
Version: Linux kernel through version 4.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:48.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3676-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3676-1/" }, { "name": "USN-3678-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3678-2/" }, { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2018/03/29/1" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3678-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3678-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199179" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3678-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3678-3/" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777" }, { "name": "USN-3676-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3676-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3678-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3678-4/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199275" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel through version 4.15", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel through version 4.15" } ] } ], "datePublic": "2018-04-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image." } ], "problemTypes": [ { "descriptions": [ { "description": "NULL pointer dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-3676-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3676-1/" }, { "name": "USN-3678-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3678-2/" }, { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2018/03/29/1" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3678-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3678-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199179" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3678-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3678-3/" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777" }, { "name": "USN-3676-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3676-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3678-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3678-4/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199275" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1092", "datePublished": "2018-04-02T03:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:48.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1000004
Vulnerability from cvelistv5
Published
2018-01-16 20:00
Modified
2024-08-05 12:33
Severity ?
EPSS score ?
Summary
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:33:48.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3631-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3631-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "RHSA-2018:2390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "104606", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104606" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0654", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0654" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "[oss-security] 20180116 sound driver Conditional competition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2018/q1/51" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "RHSA-2019:1483", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1483" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-01-15T00:00:00", "datePublic": "2018-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3631-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3631-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "RHSA-2018:2390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "104606", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104606" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0654", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0654" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "[oss-security] 20180116 sound driver Conditional competition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2018/q1/51" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "RHSA-2019:1483", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1483" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-01-15", "ID": "CVE-2018-1000004", "REQUESTER": "a4651386@163.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3631-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3631-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "RHSA-2018:2390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "104606", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104606" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:0654", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0654" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "[oss-security] 20180116 sound driver Conditional competition", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2018/q1/51" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3798-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "RHSA-2019:1483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1483" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000004", "datePublished": "2018-01-16T20:00:00", "dateReserved": "2018-01-16T00:00:00", "dateUpdated": "2024-08-05T12:33:48.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9016
Vulnerability from cvelistv5
Published
2018-04-05 18:00
Modified
2024-09-17 04:28
Severity ?
EPSS score ?
Summary
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-02T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2015-9016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9" }, { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9016", "datePublished": "2018-04-05T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-17T04:28:55.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.