CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7915 – kernel: HID: core: prevent out-of-bound readings
https://notcve.org/view.php?id=CVE-2016-7915
16 Nov 2016 — The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. La función hid_input_field en drivers/hid/hid-core.c en el kernel de Linux en versiones anteriores a 4.6 Permite que atacantes físicamente próximos obtengan información sensible de la memoria del núcleo o causen una dene... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=50220dead1650609206efe91f0cc116132d59b3f • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-7913 – kernel: media: use-after-free in [tuner-xc2028] media driver
https://notcve.org/view.php?id=CVE-2016-7913
16 Nov 2016 — The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. La función xc2028_set_config en drivers/media/tuners/tuner-xc2028.c en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8962 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2015-8962
16 Nov 2016 — Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. Vulnerabilidad de liberación doble en la función sg_common_write en drivers/scsi/sg.c en el kernel de Linux en versiones anteriores a 4.4 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria y ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3951a3709ff50990bf3e188c27d346792103432 • CWE-415: Double Free •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-7911 – Kernel Live Patch Security Notice LSN-0021-1
https://notcve.org/view.php?id=CVE-2016-7911
16 Nov 2016 — Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. Condición de carrera en la función get_task_ioprio en block/ioprio.c en el kernel de Linux en versiones anteriores a 4.6.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso posterior a la llamada) mediante una llamada manipulada al sistema ioprio_get. ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7916 – Kernel Live Patch Security Notice LSN-0021-1
https://notcve.org/view.php?id=CVE-2016-7916
16 Nov 2016 — Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. La condición de carrera en la función environ_read en fs / proc / base.c en el kernel de Linux antes de 4.5.4 permite a usuarios locales obtener información sensible de la memoria del kernel leyendo un archivo / proc / * / ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7917 – Ubuntu Security Notice USN-3312-2
https://notcve.org/view.php?id=CVE-2016-7917
16 Nov 2016 — The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. La función nfnetlink_rcv_batch en net / netfilter / nfnetlink.c en el kernel de Linux en versiones anteriores a 4.5 no comprueba si el campo de longitud de un me... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c58d6c93680f28ac58984af61d0a7ebf4319c241 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8952 – Ubuntu Security Notice USN-3582-2
https://notcve.org/view.php?id=CVE-2015-8952
16 Oct 2016 — The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. La funcionalidad mbcache en las implementaciones del sistema de archivos ext2 y ext4 en el kernel de Linux en versiones anteriores a 4.6 no maneja adecuadamente bloque de almacenamiento en caché xattr, lo que p... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82939d7999dfc1f1998c4b1c12e2f19edbdff272 • CWE-19: Data Processing Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6327 – kernel: infiniband: Kernel crash by sending ABORT_TASK command
https://notcve.org/view.php?id=CVE-2016-6327
16 Oct 2016 — drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. drivers/infiniband/ulp/srpt/ib_srpt.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) usando un comando ABORT_TASK para abortar una operación de escritura de dispositi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-3288 – kernel: zero page memory arbitrary modification
https://notcve.org/view.php?id=CVE-2015-3288
16 Oct 2016 — mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. mm/memory.c en el kernel de Linux en versiones anteriores a 4.1.4 no maneja adecuadamente páginas anónimas, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (adulteración de página) a través de una aplicación manipulada que desencadena escribir ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d • CWE-20: Improper Input Validation CWE-391: Unchecked Error Condition •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-8953
https://notcve.org/view.php?id=CVE-2015-8953
16 Oct 2016 — fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer. fs/overlayfs/copy_up.c en el kernel de Linux en versiones anteriores a 4.2.6 utiliza una ruta de código de limpieza incorrecta, lo que permite a usuarios locales provocar una denegación de servicio (fuga de referencia dentry) a través de operaciones de sistema de archivo... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab79efab0a0ba01a74df782eb7fa44b044dae8b5 • CWE-399: Resource Management Errors •