CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7097 – kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
https://notcve.org/view.php?id=CVE-2016-7097
16 Oct 2016 — The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. La implementación del sistema de archivos en el kernel de Linux hasta la versión 4.8.2 preserva el bit setgid durante una llamada setxattr, lo que permite a usuarios locales obtener privilegios de grupo aprovechando la existencia de un programa setgid con res... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8660
https://notcve.org/view.php?id=CVE-2016-8660
16 Oct 2016 — The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." El subsistema XFS en el kernel de Linux hasta la versión 4.8.2 permite a usuarios locales provocar una denegación de servicio (fallo fdatasync y cuelgue del sistema) usando el grupo de llamada al sistema vfs en el programa trinity, relacionado ... • http://www.openwall.com/lists/oss-security/2016/10/13/8 • CWE-19: Data Processing Errors •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8956 – kernel: NULL dereference in RFCOMM bind callback
https://notcve.org/view.php?id=CVE-2015-8956
10 Oct 2016 — The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. La función rfcomm_sock_bind en net/bluetooth/rfcomm/sock.c en el kernel de Linux en versiones anteriores a 4.2 permite a usuarios locales obtener información sensible o provocar una denegación de servicio (referencia a puntero NULL) a través ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=951b6a0717db97ce420547222647bcc40bf1eacd • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8950
https://notcve.org/view.php?id=CVE-2015-8950
10 Oct 2016 — arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. arch/arm64/mm/dma-mapping.c en el kernel de Linux en versiones anteriores a 4.0.3, como es usado en el subsistema ION en Android y otros productos, no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener info... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 7%CPEs: 12EXPL: 0CVE-2016-7117 – kernel: Use-after-free in the recvmmsg exit path
https://notcve.org/view.php?id=CVE-2016-7117
10 Oct 2016 — Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. Vulnerabilidad de uso después de liberación de memoria en la función the __sys_recvmmsg en net/socket.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una llamada al ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d • CWE-19: Data Processing Errors CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8955 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2015-8955
10 Oct 2016 — arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. arch/arm64/kernel/perf_event.c en el kernel de Linux en versiones anteriores a 4.1 en plataformas arm64 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (puntero de referencia no valido) a través de vectores relaci... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fff105e13041e49b82f92eef034f363a6b1c071 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2016-6828 – Linux Kernel - TCP Related Read Use-After-Free
https://notcve.org/view.php?id=CVE-2016-6828
06 Sep 2016 — The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. La función tcp_check_send_head en include/net/tcp.h en el kernel de Linux en versiones anteriores a 4.7.5 no mantiene adecuadamente cierto estado SACK tras una copia de datos fallida, lo que permite a usuarios lo... • https://packetstorm.news/files/id/139642 • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5400 – Ubuntu Security Notice USN-3070-1
https://notcve.org/view.php?id=CVE-2016-5400
06 Aug 2016 — Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. Pérdida de memoria en la función airspy_probe en drivers/media/usb/airspy/airspy.c en el controlador USB airspy en el kernel de Linux en versiones anteriores a 4.7 permite ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6197 – kernel: overlayfs: missing upper dentry verification before unlink and rename
https://notcve.org/view.php?id=CVE-2016-6197
06 Aug 2016 — fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. fs/overlayfs/dir.c en la implementación del sistema de archivos OverlayFS en el kernel de Linux en versiones anteriores a 4.6 no verifica adecuadamente la dentry superior antes de proced... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=11f3710417d026ea2f4fcf362d866342c5274185 • CWE-20: Improper Input Validation CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 5CVE-2016-5696 – kernel: challenge ACK counter information disclosure.
https://notcve.org/view.php?id=CVE-2016-5696
06 Aug 2016 — net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana. It was found that the RFC 5961 challenge ACK rate limiting as i... • https://github.com/Gnoxter/mountain_goat • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •