CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6701 – kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access
https://notcve.org/view.php?id=CVE-2012-6701
02 May 2016 — Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. Desbordamiento de entero en fs/aio.c en el kernel de Linux en versiones anteriores a 3.4.1 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un iovec AIO grande. It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9717
https://notcve.org/view.php?id=CVE-2014-9717
02 May 2016 — fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. fs/namespace.c en el kernel de Linux en versiones anteriores a 4.0.2 procesa llamadas de sistema MNT_DETACH umount2 sin verificar que el indicador MNT_LOCKED no está establecido, lo que permite a usuarios loc... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 • CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8839 – kernel: ext4 filesystem page fault race condition with fallocate call.
https://notcve.org/view.php?id=CVE-2015-8839
02 May 2016 — Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. Múltiples condiciones de carrera en la implementación del sistema de archivos ext4 en el kernel de Linux en versiones anteriores a 4.5 permite a usuarios locales provocar una denegación de servicio (corrupción de disco) escr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4176
https://notcve.org/view.php?id=CVE-2015-4176
02 May 2016 — fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. fs/namespace.c en el kernel de Linux en versiones anteriores a 4.0.2 no soporta correctamente conectividad de montaje, lo que permite a usuarios locales leer archivos arbitrarios aprovechando acceso root al espacio de nombres de usuario para eliminar un archivo o directorio. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1604
https://notcve.org/view.php?id=CVE-2003-1604
02 May 2016 — The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. La función redirect_target en net/ipv4/netfilter/ipt_REDIRECT.c en el kernel de Linux en versiones anteriores a 2.6.0 permite a atacantes remotos to provocar una denegación de servicio (referencia a puntero NULL y OOPS) envi... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2672
https://notcve.org/view.php?id=CVE-2015-2672
02 May 2016 — The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. La implementación de xsave/xrstor en arch/x86/include/asm/xsave.h en el kernel de Linux en versiones anteriores a... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4177
https://notcve.org/view.php?id=CVE-2015-4177
02 May 2016 — The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. La función collect_mounts en fs/namespace.c en el kernel de Linux en versiones anteriores a 4.0.5 no considera correctamente que se pueda ejecutar después de que una ruta sea desmontada, lo que permite a ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8746 – kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client
https://notcve.org/view.php?id=CVE-2015-8746
02 May 2016 — fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. fs/nfs/nfs4proc.c en el cliente NFS en el kernel de Linux en versiones anteriores a 4.2.2 no inicializa memoria correctamente para operaciones de recuperación de migración, lo que permite a servidores NFS remotos provocar una denegación de servi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=18e3b739fdc826481c6a1335ce0c5b19b3d415da • CWE-665: Improper Initialization •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8324 – kernel: Null pointer dereference when mounting ext4
https://notcve.org/view.php?id=CVE-2015-8324
02 May 2016 — The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. La implementación de ext4 en el kernel de Linux en versiones anteriores a 2.6.34 no rastrea correctamente la inicalización de determinadas estructuras de datos, lo que permite a atacantes físicamente próxim... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2117 – kernel: Kernel memory leakage to ethernet frames due to buffer overflow in ethernet drivers
https://notcve.org/view.php?id=CVE-2016-2117
02 May 2016 — The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. La función atl2_probe en drivers/net/ethernet/atheros/atlx/atl2.c en el kernel de Linux hasta la versión 4.5.2 activa incorrectamente scatter/gather I/O, lo que permite a atacantes remotos obtener información sensible de la memoria del kernel leyendo datos de paque... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •