CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8952 – Ubuntu Security Notice USN-3582-2
https://notcve.org/view.php?id=CVE-2015-8952
16 Oct 2016 — The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. La funcionalidad mbcache en las implementaciones del sistema de archivos ext2 y ext4 en el kernel de Linux en versiones anteriores a 4.6 no maneja adecuadamente bloque de almacenamiento en caché xattr, lo que p... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82939d7999dfc1f1998c4b1c12e2f19edbdff272 • CWE-19: Data Processing Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6327 – kernel: infiniband: Kernel crash by sending ABORT_TASK command
https://notcve.org/view.php?id=CVE-2016-6327
16 Oct 2016 — drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. drivers/infiniband/ulp/srpt/ib_srpt.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) usando un comando ABORT_TASK para abortar una operación de escritura de dispositi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7042 – kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
https://notcve.org/view.php?id=CVE-2016-7042
16 Oct 2016 — The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. La función proc_keys_show en security/keys/proc.c en el kernel de Linux hasta la versión 4.8.2, cuando el protector de pila GNU Compiler Collection (gcc) está habilitado, utiliza u... • http://rhn.redhat.com/errata/RHSA-2017-0817.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7097 – kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
https://notcve.org/view.php?id=CVE-2016-7097
16 Oct 2016 — The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. La implementación del sistema de archivos en el kernel de Linux hasta la versión 4.8.2 preserva el bit setgid durante una llamada setxattr, lo que permite a usuarios locales obtener privilegios de grupo aprovechando la existencia de un programa setgid con res... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8658 – Ubuntu Security Notice USN-3161-4
https://notcve.org/view.php?id=CVE-2016-8658
16 Oct 2016 — Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. Desbordamiento de búfer basado en pila en la función brcmf_cfg80211_start_ap en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c en el kernel de Linux en versione... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2016-7425 – Ubuntu Security Notice USN-3161-4
https://notcve.org/view.php?id=CVE-2016-7425
16 Oct 2016 — The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. La función arcmsr_iop_message_xfer en drivers/scsi/arcmsr/arcmsr_hba.c en el kernel de Linux hasta la versión 4.8.2 no restringe una cierta longitud de campo, lo que permite a usuarios locales obtener privilegi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-3288 – kernel: zero page memory arbitrary modification
https://notcve.org/view.php?id=CVE-2015-3288
16 Oct 2016 — mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. mm/memory.c en el kernel de Linux en versiones anteriores a 4.1.4 no maneja adecuadamente páginas anónimas, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (adulteración de página) a través de una aplicación manipulada que desencadena escribir ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d • CWE-20: Improper Input Validation CWE-391: Unchecked Error Condition •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0572
https://notcve.org/view.php?id=CVE-2015-0572
10 Oct 2016 — Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call. Múltiples condiciones de carrera en drivers/char/adsprpc.c y drivers/char/adsprpc_compat.c en el driver ADSPRPC para el k... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5343
https://notcve.org/view.php?id=CVE-2016-5343
10 Oct 2016 — drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow. drivers/soc/qcom/qdsp6v2/voice_svc.c en el controlador Voice Service QDSP6v2 para el kernel de Linux 3.x, como se usa en con... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8950
https://notcve.org/view.php?id=CVE-2015-8950
10 Oct 2016 — arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. arch/arm64/mm/dma-mapping.c en el kernel de Linux en versiones anteriores a 4.0.3, como es usado en el subsistema ION en Android y otros productos, no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener info... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •