CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0723
https://notcve.org/view.php?id=CVE-2016-0723
19 Jan 2016 — Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. Condición de carrera en la función tty_ioctl en drivers/tty/tty_io.c en el kernel de Linux hasta la versión 4.4.1 permite a usuarios locales obtener información sensible de la memoria del kernel o provoca... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8767 – kernel: SCTP denial of service during timeout
https://notcve.org/view.php?id=CVE-2015-8767
19 Jan 2016 — net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. net/sctp/sm_sideeffect.c en el kernel de Linux en versiones anteriores a 4.3 no maneja adecuadamente la relación entre un bloqueo y un socket, lo que permite a usuarios locales provocar una denegación de servicio (interbloqueo) a través de una llamada sctp_accept manipulada. A race condi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4312 – kernel: File descriptors passed over unix sockets are not properly accounted
https://notcve.org/view.php?id=CVE-2013-4312
19 Jan 2016 — The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. El kernel de Linux en versiones anteriores a 4.4.1 permite a usuarios locales eludir los limites de descriptor de fichero y provocar una denegación de servicio (consumo de memoria) enviando cada descriptor a través de un socket UNIX antes de cerrarlo, relacion... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 1CVE-2015-7566 – Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference
https://notcve.org/view.php?id=CVE-2015-7566
19 Jan 2016 — The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. La función clie_5_attach en drivers/usb/serial/visor.c en el kernel de Linux hasta la versión 4.4.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caíd... • https://www.exploit-db.com/exploits/39540 •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 12CVE-2016-0728 – Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-0728
19 Jan 2016 — The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. La función join_session_keyring en security/keys/process_keys.c en el kernel de Linux en versiones anteriores a 4.4.1 no maneja correctamente referencias a objetos en un cierto caso de error, lo que permite a usuarios l... • https://www.exploit-db.com/exploits/40003 • CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8575
https://notcve.org/view.php?id=CVE-2015-8575
05 Jan 2016 — The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. La función sco_sock_bind en net/bluetooth/sco.c en el kernel de Linux en versiones anteriores a 4.3.4 no verifica la longitud de una dirección, lo que permite a usuarios locales obtener información sensible de la memoria del kernel y eludir el mecan... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8709
https://notcve.org/view.php?id=CVE-2015-8709
05 Jan 2016 — kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here. ** DISPUTADA ** kernel/ptrace.c en el kernel de Linux hasta la versión 4.4.1 no maneja correctamente el mapeo uid y gid, lo que permite a usuarios locales obtener privilegios esta... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2015-7513
https://notcve.org/view.php?id=CVE-2015-7513
05 Jan 2016 — arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. arch/x86/kvm/x86.c en el kernel de Linux en versiones anteriores a 4.4 no reinicia los valores del contador PIT durante la restauración del estado, lo que permite a usuarios invitados del SO provocar una deneg... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7550
https://notcve.org/view.php?id=CVE-2015-7550
05 Jan 2016 — The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. La función keyctl_read_key en security/keys/keyctl.c en el kernel de Linux en versiones anteriores a 4.3.4 no utiliza adecuadamente un semáforo, l... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b4a1b4f5047e4f54e194681125c74c0aa64d637d • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7509 – kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system
https://notcve.org/view.php?id=CVE-2015-7509
28 Dec 2015 — fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. fs/ext4/namei.c en el kernel Linux en versiones anteriores a 3.7 permite a atacantes físicamente próximos provocar una denegación de servicio (caída del sistema) a través de un archivo de sistema no-journal manipulado, un problema relacionado con CVE-2013-2015. A flaw was found in the way the Linux kernel's ext... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9b92530a723ac5ef8e352885a1862b18f31b2f5 • CWE-20: Improper Input Validation CWE-250: Execution with Unnecessary Privileges •