CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2011-4915
https://notcve.org/view.php?id=CVE-2011-4915
20 Feb 2020 — fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. El archivo fs/proc/base.c en el kernel de Linux versiones hasta 3.1, permite a usuarios locales obtener información confidencial de pulsaciones de teclas por medio del acceso a /proc/interrupts. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2498
https://notcve.org/view.php?id=CVE-2011-2498
20 Feb 2020 — The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. El kernel de Linux desde versión v2.3.36 anteriores a v2.6.39, permite a usuarios locales sin privilegios causar una denegación de servicio (consumo de memoria) al activar la creación de páginas PTE. • http://marc.info/?l=oss-security&m=130923704824984&w=2 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 3CVE-2012-0055 – OverlayFS inode Security Checks - 'inode.c' Local Security Bypass
https://notcve.org/view.php?id=CVE-2012-0055
19 Feb 2020 — OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. OverlayFS en el kernel de Linux versiones anteriores a 3.0.0-16.28, como es usado en Ubuntu versiones 10.0.4 LTS y 11.10, carece de verificaciones de seguridad de inode que podrían permitir a atacantes omitir las restricciones de seguridad y llevar a cabo acciones no autorizadas. • https://www.exploit-db.com/exploits/36571 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8992 – Ubuntu Security Notice USN-4419-1
https://notcve.org/view.php?id=CVE-2020-8992
14 Feb 2020 — ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. La función ext4_protect_reserved_inode en el archivo fs/ext4/block_validity.c en el kernel de Linux versiones hasta 5.5.3, permite a atacantes causar una denegación de servicio (soft lockup) por medio de un journal size diseñado. It was discovered that a race condition existed in the Precision Time Protocol implementation in the Lin... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0810 – kernel-rt: stack corruption when task gets scheduled out using the debug stack
https://notcve.org/view.php?id=CVE-2012-0810
12 Feb 2020 — The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention. El manejador int3 en el kernel de Linux versiones anteriores a 3.3, se basa en una pila de depuración por CPU, que permite a usuarios locales causar una denegación de servicio (corrupción de pila y pánico) por medio de una aplicación diseñada que desencadena determinada contención d... • https://bugzilla.redhat.com/show_bug.cgi?id=794557 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8647 – kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c
https://notcve.org/view.php?id=CVE-2020-8647
06 Feb 2020 — There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2 en la función vc_do_resize en el archivo drivers/tty/vt/vt.c. A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data struct... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 1CVE-2020-8648 – kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
https://notcve.org/view.php?id=CVE-2020-8648
06 Feb 2020 — There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función n_tty_receive_buf_common en el archivo drivers/tty/n_tty.c. A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system. Red Hat Advanced Cluster Mana... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2020-8649 – kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
https://notcve.org/view.php?id=CVE-2020-8649
06 Feb 2020 — There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función vgacon_invert_region en el archivo drivers/video/console/vgacon.c. A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds r... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-14898 – kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
https://notcve.org/view.php?id=CVE-2019-14898
04 Feb 2020 — The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. La corrección para el CVE-2019-11599, que afectaba al kernel de Linux versiones anteriores a 5.0.10, no estaba completa. Un usuario local podría usar este fallo para conseguir infomación confidencial, causar una dene... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3016 – kernel: kvm: Information leak within a KVM guest
https://notcve.org/view.php?id=CVE-2019-3016
31 Jan 2020 — In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. En un Linux KVM invitado que posee PV TLB habilitado, un proceso en el kernel invitado puede ser capaz de leer ubicaciones de memoria de otro proceso en el mismo invitado. ... • http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •