CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8967 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2015-8967
08 Dec 2016 — arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. arch/arm64/kernel/sys.c en el kernel de Linux en versiones anteriores a 4.0 permiten a usuarios locales eludir el mecanismo de protección de "permisos de página estricta" y modificar la tabla de llamadas del sistema, y consecuentemente obtener privilegios, aprovechando el acceso d... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8630 – kernel: kvm: x86: NULL pointer dereference during instruction decode
https://notcve.org/view.php?id=CVE-2016-8630
28 Nov 2016 — The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. La función x86_decode_insn en arch/x86/kvm/emulate.c en el kernel Linux en versiones anteriores a 4.8.7, cuando KVM está habilitado, permite a usuarios locales provocar una denegación de servicio (caída de SO anfitrión ) a través de cierto uso del byte ModR/M en una instruc... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e • CWE-284: Improper Access Control CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9178 – Ubuntu Security Notice USN-3422-2
https://notcve.org/view.php?id=CVE-2016-9178
28 Nov 2016 — The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. El macro __get_user_asm_ex en arch/x86/include/asm/uaccess.h en el kernel Linux en versiones anteriores a 4.7.5 no inicia ciertas variables de entero, lo que permite a usuarios locales obtener información sensible de la memoria basado en pila... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8645 – kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c
https://notcve.org/view.php?id=CVE-2016-8645
28 Nov 2016 — The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. La pila TCP en el kernel Linux en versiones anteriores a 4.8.10 maneja incorrectamente el truncamiento skb, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) a través de una aplicación manipulada que hace llamadas d... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3 • CWE-284: Improper Access Control CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9191 – Kernel Live Patch Security Notice LSN-0021-1
https://notcve.org/view.php?id=CVE-2016-9191
28 Nov 2016 — The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. La implementación offline cgroup en el kernel Linux hasta la versión 4.8.11 maneja incorrectamente ciertas operaciones drain, lo que permite a usuarios locales provocar una denegación de servicio (colgado de sistema) aprovech... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8650 – kernel: Null pointer dereference via keyctl
https://notcve.org/view.php?id=CVE-2016-8650
28 Nov 2016 — The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. La función mpi_powm en lib/mpi/mpi-pow.c en el kernel Linux hasta la versión 4.8.11 no se asegura que la memoria esté alojada para datos limb, lo que permite a usuarios locales provocar una denegación de servicio (corrupción... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8632 – Ubuntu Security Notice USN-3312-2
https://notcve.org/view.php?id=CVE-2016-8632
28 Nov 2016 — The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. La función tipc_msg_build en net/tipc/msg.c en el kernel Linux hasta la versión 4.8.11 no valida la relación entre la longitud mínima de fragmento y el tamaño máximo de paquete, lo que ... • http://www.openwall.com/lists/oss-security/2016/11/08/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8970 – kernel: crypto: GPF in lrw_crypt caused by null-deref
https://notcve.org/view.php?id=CVE-2015-8970
28 Nov 2016 — crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. crypto/algif_skcipher.c en el kernel Linux en versiones anteriores a 4.4.2 no verifica que una operación setkey haya sido llevada ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 6%CPEs: 1EXPL: 0CVE-2016-8633 – kernel: Buffer overflow in firewire driver via crafted incoming packets
https://notcve.org/view.php?id=CVE-2016-8633
28 Nov 2016 — drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. drivers/firewire/net.c en el kernel Linux en versiones anteriores a 4.8.7, en ciertas configuraciones de hardware no usuales, permite a atacantes remotos ejecutar un código arbitrario a través de paquetes fragmentados manipulados. A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9084 – kernel: Integer overflow when using kzalloc in vfio driver
https://notcve.org/view.php?id=CVE-2016-9084
28 Nov 2016 — drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. drivers/vfio/pci/vfio_pci_intrs.c en el kernel Linux hasta la versión 4.8.11 usa de forma incorrecta la función kzalloc, lo que permite a usuarios locales provocar una denegación de servicio (desbordamiento de entero) o tener otro posible impacto no especific... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a • CWE-190: Integer Overflow or Wraparound •