CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8844 – kernel: incorrect restoration of machine specific registers from userspace
https://notcve.org/view.php?id=CVE-2015-8844
27 Apr 2016 — The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. La implementación de signal en el Kernel de Linux en versiones anteriores a 4.3.5 sobre plataformas powerpc no verifica que exista un MSR con los bits S y T establecidos, lo que permite a usuarios locales provocar una denegación de servicio (excepción TM Bad... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 • CWE-20: Improper Input Validation CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2016-2143 – kernel: Fork of large process causes memory corruption
https://notcve.org/view.php?id=CVE-2016-2143
27 Apr 2016 — The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. La implementación fork en el kernel de Linux en versiones anteriores a 4.5 en la plataforma s390 no maneja correctamente el caso de los cuatro niveles de la tabla de pági... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8845 – kernel: incorrect restoration of machine specific registers from userspace
https://notcve.org/view.php?id=CVE-2015-8845
27 Apr 2016 — The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. La función tm_reclaim_thread en arch/powerpc/kernel/process.c en el Kernel de Linux en versiones anteriores a 4.4.1 sobre plataformas powerpc no asegura que exista el modo TM suspend antes de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 • CWE-284: Improper Access Control CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1339
https://notcve.org/view.php?id=CVE-2015-1339
27 Apr 2016 — Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. Fuga de memoria en la función cuse_channel_release en fs/fuse/cuse.c en el kernel de Linux en versiones anteriores a 4.4 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) o posiblemente tener otro impacto no especificado abriendo /dev/c... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c5816b4beccc8ba709144539f6fdd764f8fa49c • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2016-3156 – kernel: ipv4: denial of service when destroying a network interface
https://notcve.org/view.php?id=CVE-2016-3156
27 Apr 2016 — The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. La implementación IPv4 en el kernel de Linux en versiones anteriores a 4.5.2 no maneja adecuadamente la destrucción de objetos de dispositivo, lo que permite a usuarios del SO invitado provocar una denegación de servicio (corte de la red del sistema operativo anfitrión) disponie... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2016-3672 – Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
https://notcve.org/view.php?id=CVE-2016-3672
07 Apr 2016 — The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. La función arch_pick_mmap_layout en arch/x86/mm/mmap.c en el kernel de Linux hasta la versión 4.5.2 no maneja de forma aleatoria el legado de ... • https://www.exploit-db.com/exploits/39669 • CWE-254: 7PK - Security Features CWE-341: Predictable from Observable State •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2383
https://notcve.org/view.php?id=CVE-2016-2383
06 Apr 2016 — The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. La función adjust_branches en kernel/bpf/verifier.c en el kernel de Linux en versiones anteriores a 4.5 no tiene en cuenta el delta en el caso de salto de retroceso, lo que permite a usuarios locales obtener información sensi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1b14d27ed0965838350f1377ff97c93ee383492 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2085
https://notcve.org/view.php?id=CVE-2016-2085
06 Apr 2016 — The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack. La función evm_verify_hmac en security/integrity/evm/evm_main.c en el kernel de Linux en versiones anteriores a 4.5 no copia correctamente los datos, lo que facilita a usuarios locales falsificar los valores MAC a través de un ataque de tiempo side-chanel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=613317bd212c585c20796c10afe5daaa95d4b0a1 • CWE-19: Data Processing Errors •
CVSS: 6.2EPSS: 0%CPEs: 17EXPL: 0CVE-2016-2847 – kernel: pipe: limit the per-user amount of pages allocated in pipes
https://notcve.org/view.php?id=CVE-2016-2847
06 Apr 2016 — fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. fs/pipe.c en el kernel de Linux antes de 4.5 no limita la cantidad de datos no leídos en las tuberías, lo que permite a los usuarios locales provocar una denegación de servicio (consumo de memoria) creando muchas tuberías con tamaños no predeterminados. It is possible for a single process to cause... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.4EPSS: 0%CPEs: 16EXPL: 1CVE-2016-3134 – Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
https://notcve.org/view.php?id=CVE-2016-3134
14 Mar 2016 — The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. El subsistema netfilter en el kernel de Linux hasta la versión 4.5.2 no válida ciertos campos de desplazamiento, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_R... • https://www.exploit-db.com/exploits/39545 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •