CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
03 Apr 2017 — The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a... • http://www.openwall.com/lists/oss-security/2017/12/04/2 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 5CVE-2017-7308 – Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7308
29 Mar 2017 — The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. La función packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versión 4.10.6, no comprueba apropiadamente ciertos datos de tamaño de bloque, lo que ... • https://packetstorm.news/files/id/147685 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5669 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2017-5669
24 Feb 2017 — The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. La función do_shmat en ipc/shm.c en el kernel de Linux hasta la versión 4.9.12 no restringe la dirección calculada por cierta operación de redondeo, lo que permite a u... • http://www.debian.org/security/2017/dsa-3804 •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0570
https://notcve.org/view.php?id=CVE-2015-0570
09 May 2016 — Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. Desbordamiento de buffer basado en pila en la implementación de SET_WPS_IE IOCTL en wlan_hdd_hostapd.c en el controlador WLAN (también conocido como Wi-Fi) para... • http://source.android.com/security/bulletin/2016-05-01.html • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0571
https://notcve.org/view.php?id=CVE-2015-0571
09 May 2016 — The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. El controlador WLAN (también conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM... • http://source.android.com/security/bulletin/2016-05-01.html • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 4CVE-2016-2853 – AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-2853
02 May 2016 — The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. El módulo aufs para el kernel de Linux 3.x y 4.x no restringe correctamente el espacio de nombres de montaje, lo que permite a usuarios locales obtener privilegos montando un sistema de archivos aufs sobre un sistema de archivos FUSE y luego ejecutando un programa s... • https://packetstorm.news/files/id/141914 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 4CVE-2016-2854 – AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-2854
02 May 2016 — The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. El módulo aufs para el kernel de Linux 3.x y 4.x no mantiene correctamente datos POSIX ACL xattr, lo que permite a usuarios locales obtener privilegos aprovechando un directorio con permiso de escritura de grupo setgid. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not proper... • https://packetstorm.news/files/id/141914 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2015-0569 – Linux Kernel 3.x/4.x - prima WLAN Driver Heap Overflow
https://notcve.org/view.php?id=CVE-2015-0569
25 Jan 2016 — Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter. Desbordamiento de buffer basado en memoria dinámica en la implementación de extensiones de wireless privadas IOCTL en wlan_hdd_wext.c en el contro... • https://packetstorm.news/files/id/135372 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2015-7312 – Ubuntu Security Notice USN-2779-1
https://notcve.org/view.php?id=CVE-2015-7312
20 Oct 2015 — Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. Múltiples condiciones de carrera en los parches de Advanced Union Filesystem (aufs) aufs3-mmap.patch y aufs4-mmap.patch para el kernel Linux 3.x y 4.x permite a usuarios locales causar... • http://sourceforge.net/p/aufs/mailman/message/34449209 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2877 – Cross-VM ASL INtrospection (CAIN)
https://notcve.org/view.php?id=CVE-2015-2877
06 Aug 2015 — Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and ca... • http://www.antoniobarresi.com/files/cain_advisory.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •