CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6758
https://notcve.org/view.php?id=CVE-2016-6758
12 Jan 2017 — An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. • http://www.securityfocus.com/bid/94677 • CWE-284: Improper Access Control •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8410
https://notcve.org/view.php?id=CVE-2016-8410
12 Jan 2017 — An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. • http://www.securityfocus.com/bid/94709 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9754 – Ubuntu Security Notice USN-3422-2
https://notcve.org/view.php?id=CVE-2016-9754
05 Jan 2017 — The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. La función ring_buffer_resize en kernel/trace/ring_buffer.c en el subsistema de creación de perfiles del kernel de Linux en versiones anteriores a 4.6.1 no maneja adecuadamente ciertos cálculos de entero, lo que permite a usuarios locales o... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-10088 – kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
https://notcve.org/view.php?id=CVE-2016-10088
30 Dec 2016 — The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. La implementación sg en el kernel Linux hasta la versión 4.9 no restring... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9576 – kernel: Use after free in SCSI generic device interface
https://notcve.org/view.php?id=CVE-2016-9576
28 Dec 2016 — The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. La función blk_rq_map_user_iov en block/blk-map.c en el kernel de Linux en versiones anteriores a 4.8.14 no restringe adecuadamente el tipo de iterador, lo que permite a usuarios locales leer o escribir a ubica... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ac402cfcdc904f9772e1762b3fda112dcc56a0 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9777 – Ubuntu Security Notice USN-3190-1
https://notcve.org/view.php?id=CVE-2016-9777
28 Dec 2016 — KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. KVM en el kernel de Linux en versiones anteriores a 4.8.12, cuando se habilita I/O APIC, no restringe adecuadamente el índice VCPU, lo que permite a usuarios de SO invitados obtene... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9755 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2016-9755
28 Dec 2016 — The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. El subsistema netfilter en el kernel de Linux en versiones anteriores a 4.9 no maneja adecuadamente reensam... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9685 – kernel: Memory leaks in xfs_attr_list.c error paths
https://notcve.org/view.php?id=CVE-2016-9685
28 Dec 2016 — Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. Múltiples fugas de memoria en rutas de error en fs/xfs/xfs_attr_list.c en el kernel de Linux en versiones anteriores a 4.5.1 permiten a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de operaciones de archivo de sistema XFS manipuladas. A flaw was found in the Linux kernel... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e83b79b2d6c78bf1b4aa227938a214dcbddc83f • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2016-9793 – Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9793
28 Dec 2016 — The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. La función sock_setsockopt en net/core/sock.c en el kernel de Linux en versiones anteriores a 4.8.14 no ... • https://packetstorm.news/files/id/142487 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6786 – Debian Security Advisory 3791-1
https://notcve.org/view.php?id=CVE-2016-6786
28 Dec 2016 — kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. kernel/events/core.c en el subsistema de rendimiento en el kernel de Linux en versiones anteriores a 4.0 no gestiona adecuadamente bloqueos durante ciertas migraciones, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad tamb... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b • CWE-264: Permissions, Privileges, and Access Controls •