CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 1CVE-2015-4036
https://notcve.org/view.php?id=CVE-2015-4036
10 Jun 2015 — Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. Vulnerabilidad de error de índice de Array en la función tcm_vhost_make_tpg en drivers/vhost/scsi.c en el kernel de Linux en versione... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 0CVE-2015-4001
https://notcve.org/view.php?id=CVE-2015-4001
07 Jun 2015 — Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. Error de signo de enteros en la función oz_hcd_get_desc_cnf en drivers/staging/ozwpan/ozhcd.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 permite a atacantes remotos causar una denegación de servicio (caída de sistema) o p... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c • CWE-189: Numeric Errors •
CVSS: 9.0EPSS: 1%CPEs: 10EXPL: 0CVE-2015-4002
https://notcve.org/view.php?id=CVE-2015-4002
07 Jun 2015 — drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. drivers/staging/ozwpan/ozusbsvc1.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 no asegura que ciertas valores de longitud est... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.5EPSS: 2%CPEs: 4EXPL: 1CVE-2015-4004
https://notcve.org/view.php?id=CVE-2015-4004
07 Jun 2015 — The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. El controlador OZWPAN en el kernel de Linux hasta 4.0.5 depende de un campo de longitud no confiable durante el análisis sintáctico de paquetes, lo que permite a atacantes remotos obtener información sensible de la memoria del kern... • http://openwall.com/lists/oss-security/2015/06/05/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-4003
https://notcve.org/view.php?id=CVE-2015-4003
07 Jun 2015 — The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. La función oz_usb_handle_ep_data en drivers/staging/ozwpan/ozusbsvc1.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 permite a atacantes remotos causar una denegación de servicio (un error de dividir por cero y caída de sistema) a través de un paquete mani... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 5CVE-2015-1805 – kernel: pipe: iovec overrun leading to memory corruption
https://notcve.org/view.php?id=CVE-2015-1805
02 Jun 2015 — The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." Vulnerabilidad en las implementaciones (1) pipe_read y (2) pipe_write en fs/pipe.c en el kernel de Linux en versiones anteriores a 3.16, no co... • https://github.com/panyu6325/CVE-2015-1805 • CWE-17: DEPRECATED: Code •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9710
https://notcve.org/view.php?id=CVE-2014-9710
20 May 2015 — The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit. La implementación Btrfs en el kernel de Linux anterior a 3.19 no asegura que el estado xattr vis... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2666 – kernel: execution in the early microcode loader
https://notcve.org/view.php?id=CVE-2015-2666
30 Apr 2015 — Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. Desbordamiento de buffer basado en pila en la función get_matching_model_microcode en arch/x86/kernel/cpu/microcode/intel_early.c en el kernel de Linux anterior a 4.0 permite a atacantes dependientes d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9715 – kernel: netfilter connection tracking extensions denial of service
https://notcve.org/view.php?id=CVE-2014-9715
27 Apr 2015 — include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment. include/net/netfilter/nf_conntrack_extend.h en el subsistema netfilter en el kernel de Linux anterior a 3.14.5 utiliza un... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279 • CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2830 – kernel: int80 fork from 64-bit tasks mishandling
https://notcve.org/view.php?id=CVE-2015-2830
27 Apr 2015 — arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. arch/x86/kernel/entry_64.S en el kernel de Linux anterior a 3.19.2 no impide que el indicador TS_COMPAT llegue a una tarea de modo de usuario, lo que podría permitir a ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=956421fbb74c3a6261903f3836c0740187cf038b • CWE-264: Permissions, Privileges, and Access Controls CWE-393: Return of Wrong Status Code •