CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 2CVE-2015-2922 – kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
https://notcve.org/view.php?id=CVE-2015-2922
27 Apr 2015 — The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La función ndisc_router_discovery en net/ipv6/ndisc.c en la implementación de protocolo Neighbor Discovery (ND) en la pila IPv6 en el kernel de Linux anterior a 3.19.6 permite a atacantes remotos reconfigurar una configura... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a • CWE-17: DEPRECATED: Code CWE-454: External Initialization of Trusted Variables or Data Stores •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-2041 – Debian Security Advisory 3237-1
https://notcve.org/view.php?id=CVE-2015-2041
09 Apr 2015 — net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. net/llc/sysctl_net_llc.c en el kernel de Linux anterior a 3.19 utiliza un tipo de datos incorrecto en una tabla sysctl, lo que permite a usuarios locales obtener información sensible de la memoria del kernel o posiblemente tener otro impacto no espe... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 • CWE-17: DEPRECATED: Code •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2042 – Debian Security Advisory 3237-1
https://notcve.org/view.php?id=CVE-2015-2042
09 Apr 2015 — net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. net/rds/sysctl.c en el kernel de Linux anterior a 3.19 utiliza un tipo de datos incorrecta en una tabla sysctl, lo que permite a usuarios locales obtener información sensible de la memoria del kernel o posiblemente tener otro impacto no especificado mediant... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db27ebb111e9f69efece08e4cb6a34ff980f8896 • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2015-2150 – Debian Security Advisory 3237-1
https://notcve.org/view.php?id=CVE-2015-2150
12 Mar 2015 — Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Xen 3.3.x hasta la versión 4.5.x y en el kernel de Linux hasta la versión 3.19.1 no restringe adecuadamente el acceso al registro... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8172 – kernel: soft lockup on aio
https://notcve.org/view.php?id=CVE-2014-8172
05 Mar 2015 — The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations. La implementación del sistema de fichero en el Kernel de Linux anterior a 3.13 realizar ciertas operaciones en listas de archivos con un inapropiado bloqueo, lo que permite a usuarios locales causar una denegación de servi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eee5cc2702929fd41cce28058dc6d6717f723f87 • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2013-7421 – kernel: crypto api unprivileged arbitrary module load via request_module()
https://notcve.org/view.php?id=CVE-2013-7421
26 Feb 2015 — The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con un nombre de módulo en el campo salg_name, una vulnerabilidad diferente a CVE-2014-9644... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d26a105b5a73e5635eae0629b42fa0a90e07b7b • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-9683 – kernel: buffer overflow in eCryptfs
https://notcve.org/view.php?id=CVE-2014-9683
26 Feb 2015 — Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. Error de superación de límite (off-by-one) en la función ecryptfs_decode_from_filename en fs/ecryptfs/crypto.c en el subsistema eCryptfs en el kernel de Linux anterior a 3.18.2 permite a usuarios locales causar una denegación de s... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=942080643bce061c3dd9d5718d3b745dcb39a8bc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 1CVE-2015-0239 – kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
https://notcve.org/view.php?id=CVE-2015-0239
26 Feb 2015 — The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. La función em_sysenter en arch/x86/kvm/emulate.c en el kernel de Linux anterior a 3.18.5, cuando al sistema operativo invitado le falta la inicialización SYSENTER MSR, permite a usuarios del si... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3747379accba8e95d70cec0eae0582c8c182050 • CWE-269: Improper Privilege Management CWE-391: Unchecked Error Condition •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1420 – Ubuntu Security Notice USN-2661-1
https://notcve.org/view.php?id=CVE-2015-1420
26 Feb 2015 — Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. Condición de carrera en la función handle_to_path en fs/fhandle.c en el Kernel de Linux a través de 3.19.1 permite a usuarios locales evadir las restricciones del tamaño y lanzar operaciones de lectura en ubic... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-9644 – kernel: crypto api unprivileged arbitrary module load via request_module()
https://notcve.org/view.php?id=CVE-2014-9644
26 Feb 2015 — The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con una expresión... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4943ba16bbc2db05115707b3ff7b4874e9e3c560 • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •