CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 8CVE-2015-8660 – Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8660
28 Dec 2015 — The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. La función ovl_setattr en fs/overlayfs/inode.c en el kernel de Linux hasta la versión 4.3.3 trata de fusionar distintas operaciones setattr, lo que permite a usuarios locales eludir las restricciones destinadas al acceso y modificar los a... • https://packetstorm.news/files/id/135151 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.0EPSS: 0%CPEs: 15EXPL: 0CVE-2015-8551 – Ubuntu Security Notice USN-2846-1
https://notcve.org/view.php?id=CVE-2015-8551
20 Dec 2015 — The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." El controlador backend PCI en Xen, cuando se ejecuta en un sistema x86 y... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 1CVE-2015-8543 – kernel: IPv6 connect causes DoS via NULL pointer dereference
https://notcve.org/view.php?id=CVE-2015-8543
18 Dec 2015 — The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. La implementación de redes en el kernel de Linux hasta la versión 4.3.3, tal como se utiliza en Android y otros productos, n... • https://github.com/bittorrent3389/CVE-2015-8543_for_SLE12SP1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 4CVE-2013-7446 – Ubuntu Security Notice USN-2889-2
https://notcve.org/view.php?id=CVE-2013-7446
18 Dec 2015 — Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. Vulnerabilidad de uso después de la liberación de la memoria en net/unix/af_unix.c en el kernel de Linux en versiones anteriores a 4.3.3 permite a usuarios locales eludir los permisos destinados al socket AF_UNIX o provocar una denegación de servicio (panic) a través de llamadas epoll_ctl manipul... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8374 – kernel: Information leak when truncating of compressed/inlined extents on BTRFS
https://notcve.org/view.php?id=CVE-2015-8374
18 Dec 2015 — fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. fs/btrfs/inode.c en el kernel de Linux en versiones anteriores a 4.3.3 no maneja correctamente extensiones en línea comprimidas, lo que permite a usuarios locales obtener información sensible previa al truncamiento desde un archivo a través de una acción clone. An information-leak vulnerability was found in the kernel ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7884 – Ubuntu Security Notice USN-2843-2
https://notcve.org/view.php?id=CVE-2015-7884
17 Dec 2015 — The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. La función vivid_fb_ioctl en drivers/media/platform/vivid/vivid-osd.c en el kernel de Linux hasta la versión 4.3.3 no inicializa cierto miembro de estructura, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7885 – Ubuntu Security Notice USN-2843-2
https://notcve.org/view.php?id=CVE-2015-7885
17 Dec 2015 — The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. La función dgnc_mgmt_ioctl en drivers/staging/dgnc/dgnc_mgmt.c en el kernel de Linux hasta la versión 4.3.3 no inicializa cierto miembro de estructura, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una aplica... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2015-8104 – virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
https://notcve.org/view.php?id=CVE-2015-8104
16 Nov 2015 — The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. El subsistema KVM en el kernel Linux hasta la versión 4.2.6, y Xen 4.3.x hasta la versión 4.6.x permite a usuarios del SO invitados causar una denegación de servicio (panic en el host del SO o cuelgue) desencadenando muchas excepciones #DB (también conocidas como Debug), relacionadas con s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2015-5307 – virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception
https://notcve.org/view.php?id=CVE-2015-5307
10 Nov 2015 — The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. El subsistema KVM en el kernel Linux hasta la versión 4.2.6, y Xen 4.3.x hasta la versión 4.6.x permite a usuarios del SO invitados causar una denegación de servicio (panic en el host del SO o cuelgue) desencandenando muchas excepciones #AC (también conocidas como Align... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7872 – kernel: Keyrings crash triggerable by unprivileged user
https://notcve.org/view.php?id=CVE-2015-7872
10 Nov 2015 — The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. La función key_gc_unused_keys en security/keys/gc.c en el kernel Linux hasta la versión 4.2.6 permite a usuarios locales causar una denegación de servicio (OOPS) a través de comandos keyctl manipulados. It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c • CWE-20: Improper Input Validation CWE-456: Missing Initialization of a Variable •