CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9191 – Kernel Live Patch Security Notice LSN-0021-1
https://notcve.org/view.php?id=CVE-2016-9191
28 Nov 2016 — The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. La implementación offline cgroup en el kernel Linux hasta la versión 4.8.11 maneja incorrectamente ciertas operaciones drain, lo que permite a usuarios locales provocar una denegación de servicio (colgado de sistema) aprovech... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8650 – kernel: Null pointer dereference via keyctl
https://notcve.org/view.php?id=CVE-2016-8650
28 Nov 2016 — The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. La función mpi_powm en lib/mpi/mpi-pow.c en el kernel Linux hasta la versión 4.8.11 no se asegura que la memoria esté alojada para datos limb, lo que permite a usuarios locales provocar una denegación de servicio (corrupción... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8970 – kernel: crypto: GPF in lrw_crypt caused by null-deref
https://notcve.org/view.php?id=CVE-2015-8970
28 Nov 2016 — crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. crypto/algif_skcipher.c en el kernel Linux en versiones anteriores a 4.4.2 no verifica que una operación setkey haya sido llevada ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 6%CPEs: 1EXPL: 0CVE-2016-8633 – kernel: Buffer overflow in firewire driver via crafted incoming packets
https://notcve.org/view.php?id=CVE-2016-8633
28 Nov 2016 — drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. drivers/firewire/net.c en el kernel Linux en versiones anteriores a 4.8.7, en ciertas configuraciones de hardware no usuales, permite a atacantes remotos ejecutar un código arbitrario a través de paquetes fragmentados manipulados. A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9084 – kernel: Integer overflow when using kzalloc in vfio driver
https://notcve.org/view.php?id=CVE-2016-9084
28 Nov 2016 — drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. drivers/vfio/pci/vfio_pci_intrs.c en el kernel Linux hasta la versión 4.8.11 usa de forma incorrecta la función kzalloc, lo que permite a usuarios locales provocar una denegación de servicio (desbordamiento de entero) o tener otro posible impacto no especific... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8646 – kernel: Oops in shash_async_export()
https://notcve.org/view.php?id=CVE-2016-8646
28 Nov 2016 — The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. La función hash_accept en crypto/algif_hash.c en el kernel Linux en versiones anteriores a 4.3.6 permite a usuarios locales provocar una denegación de servicio (OOPS) intentando desencadenar el uso de algoritmos hash in-kernel para un enchufe que ha recibido cero byt... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8964 – Ubuntu Security Notice USN-3161-2
https://notcve.org/view.php?id=CVE-2015-8964
16 Nov 2016 — The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. La función tty_set_termios_ldisc en drivers/tty/tty_ldisc.c enel kernel de Linux en versiones anteriores a 4.5 permite a los usuarios locales obtener información sensible de la memoria del kernel mediante la lectura de una estructura de datos tty. It was discovered that the Linux kernel did not properly initialize ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7914 – kernel: assoc_array: don't call compare_object() on a node
https://notcve.org/view.php?id=CVE-2016-7914
16 Nov 2016 — The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2 • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 2CVE-2016-7910 – kernel: Use after free in seq file
https://notcve.org/view.php?id=CVE-2016-7910
16 Nov 2016 — Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. Vulnerabilidad de uso después de liberación de memoria en la función disk_seqf_stop en block/genhd.c en el kernel de Linux en versiones anteriores a 4.7.1 permite a usuarios locales obtener privilegios aprovechando la ejecución de una cierta operación de... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8963 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2015-8963
16 Nov 2016 — Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. Condición de carrera en la funcionalidad kernel/events/core.c en el kernel de Linux en versiones anteriores a 4.4 permite a los usuarios locales obtener privilegios o provocar una denegación de servicio al utilizar un manejo incorrecto de una estructura de datos de... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12ca6ad2e3a896256f086497a7c7406a547ee373 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •