CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3713 – Ubuntu Security Notice USN-2979-2
https://notcve.org/view.php?id=CVE-2016-3713
16 May 2016 — The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. La función msr_mtrr_valid en arch/x86/kvm/mtrr.c en el kernel de Linux en versiones anteriores a 4.6.1 sostiene MSR 0x2f8, lo que permite a usuarios invitados del sistema operativo leer o escribir en la estruc... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 11%CPEs: 14EXPL: 1CVE-2016-3955 – Ubuntu Security Notice USN-3002-1
https://notcve.org/view.php?id=CVE-2016-3955
09 May 2016 — The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet. La función usbip_recv_xbuff en drivers/usb/usbip/usbip_common.c en el kernel de Linux en versiones anteriores a 4.5.3 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o posiblemente tener otro impacto no e... • https://github.com/pqsec/uboatdemo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2053 – kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()
https://notcve.org/view.php?id=CVE-2016-2053
02 May 2016 — The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. La función asn1_ber_decoder en lib/asn1_decoder.c en el kernel de Linux en versiones anteriores a 4.3 permite a atacantes provocar una denegación de servicio (pánico) a través de un archivo ASN.1 BER que carece de clave p... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4178
https://notcve.org/view.php?id=CVE-2015-4178
02 May 2016 — The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h. La implementación de fs_pin en el kernel de Linux en versiones anteriores a 4.0.5 no asegura la consistencia interna de una determinada estructura de datos de lista, lo que permi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-7316
https://notcve.org/view.php?id=CVE-2008-7316
02 May 2016 — mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. mm/filemap.c en el kernel de Linux en versiones anteriores a 2.6.25 permite a usuarios locales provocar una denegación de servicio (bucle infinito) a través de una llamada a sistema writev que desencadena un iovec de longitud cero, seguido por un fallo de página para un iovec de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2016-2187 – Ubuntu Security Notice USN-3002-1
https://notcve.org/view.php?id=CVE-2016-2187
02 May 2016 — The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función gtco_probe en drivers/input/tablet/gtco.c en el kernel de Linux hasta la versión 4.5.2 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de disposit... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6689 – libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages
https://notcve.org/view.php?id=CVE-2012-6689
02 May 2016 — The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. La función netlink_sendmsg en net/netlink/af_netlink.c en el kernel de Linux en versiones anteriores a 3.5.5 no valida el campo dst_pid, lo que permite a usuarios locales tener un impacto no especificado suplantando mensajes Netlink. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6701 – kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access
https://notcve.org/view.php?id=CVE-2012-6701
02 May 2016 — Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. Desbordamiento de entero en fs/aio.c en el kernel de Linux en versiones anteriores a 3.4.1 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un iovec AIO grande. It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9717
https://notcve.org/view.php?id=CVE-2014-9717
02 May 2016 — fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. fs/namespace.c en el kernel de Linux en versiones anteriores a 4.0.2 procesa llamadas de sistema MNT_DETACH umount2 sin verificar que el indicador MNT_LOCKED no está establecido, lo que permite a usuarios loc... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 • CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8839 – kernel: ext4 filesystem page fault race condition with fallocate call.
https://notcve.org/view.php?id=CVE-2015-8839
02 May 2016 — Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. Múltiples condiciones de carrera en la implementación del sistema de archivos ext4 en el kernel de Linux en versiones anteriores a 4.5 permite a usuarios locales provocar una denegación de servicio (corrupción de disco) escr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •