219 matches found
kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dmgetfromkobject which can be caused by local users leveraging a race condition with dmdestroy during creation and removal of DM devices. Only privileged local users with CAPSYSADMIN capability can...
CVE-2018-12189
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access...
kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file...
CVE-2018-18653
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with...
CVE-2018-18653
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with...
CVE-2018-12172
Improper password hashing in firmware in Intel Server Board S7200AP,S7200APR and Intel Compute Module HNS7200AP, HNS7200AP may allow a privileged user to potentially disclose firmware passwords via local access...
CVE-2018-3686
Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access...
QEMU: cirrus: OOB access when updating VGA display
Quick Emulator aka QEMU, when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds access and QEMU process crash by leveraging incorrect region calculation when updating VGA display...
Race condition
Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility DCCU, which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted...
CVE-2009-5152
Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility DCCU, which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted...
kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dmgetfromkobject which can be caused by local users leveraging a race condition with dmdestroy during creation and removal of DM devices. Only privileged local users with CAPSYSADMIN capability can...
UBUNTU-CVE-2018-7858
Quick Emulator aka QEMU, when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds access and QEMU process crash by leveraging incorrect region calculation when updating VGA display...
CVE-2018-2575
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with network access via multiple protocols to compromise...
DEBIAN-CVE-2017-9310
QEMU aka Quick Emulator, when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service infinite loop via vectors related to setting the initial receive / transmit descriptor head TDH/RDH outside the allocated descriptor buffer...
UBUNTU-CVE-2017-7718
hw/display/cirrusvgarop.h in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service out-of-bounds read and QEMU process crash via vectors related to copying VGA data via the cirrusbitbltropfwdtransp and cirrusbitbltropfwd functions...
DEBIAN-CVE-2017-5525
Memory leak in hw/audio/ac97.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service host memory consumption and QEMU process crash via a large number of device unplug operations...
DEBIAN-CVE-2017-5579
Memory leak in the serialexitcore function in hw/char/serial.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service host memory consumption and QEMU process crash via a large number of device unplug operations...
CVE-2017-5669
The doshmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is...
UBUNTU-CVE-2015-7549
The MSI-X MMIO support in hw/pci/msix.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service NULL pointer dereference and QEMU process crash by leveraging failure to define the .write method...