CVSS: 10.0EPSS: 3%CPEs: 14EXPL: 0CVE-2016-3955
https://notcve.org/view.php?id=CVE-2016-3955
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet. La función usbip_recv_xbuff en drivers/usb/usbip/usbip_common.c en el kernel de Linux en versiones anteriores a 4.5.3 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o posiblemente tener otro impacto no especificado a través de un valor de longitud manipulado en un paquete USB/IP. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://www.debian.org/security/2016/dsa-3607 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3 http://www.openwall.com/lists/oss-security/2016/04/19/1 http://www.securityfocus.com/bid/86534 http://www.ubuntu.com/usn/USN-2989-1 http://www.ubuntu.com/usn/USN-2996-1 http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6701 – kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access
https://notcve.org/view.php?id=CVE-2012-6701
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. Desbordamiento de entero en fs/aio.c en el kernel de Linux en versiones anteriores a 3.4.1 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un iovec AIO grande. It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1 http://www.openwall.com/lists/oss-security/2016/03/02/9 https://access.redhat.com/errata/RHSA-2018:1854 https://bugzilla.redhat.com/show_bug.cgi?id=1314288 https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893 https://access.redhat.com/security/cve/CVE-2012-6701 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8839 – kernel: ext4 filesystem page fault race condition with fallocate call.
https://notcve.org/view.php?id=CVE-2015-8839
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. Múltiples condiciones de carrera en la implementación del sistema de archivos ext4 en el kernel de Linux en versiones anteriores a 4.5 permite a usuarios locales provocar una denegación de servicio (corrupción de disco) escribiendo a una página que está asociada con un archivo de usuario diferente después del manejo de hole punching desincronizado y de fallo de página. A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b http://www.openwall.com/lists/oss-security/2016/04/01/4 http://www.securityfocus.com/bid/85798 http://www.securitytracker.com/id/1035455 http://www.ubuntu.com/usn/USN-3005-1 http://www.ubuntu.com/usn/USN-3006-1 http://www.ubuntu.com/usn/USN-3007-1 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https:& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2672
https://notcve.org/view.php?id=CVE-2015-2672
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. La implementación de xsave/xrstor en arch/x86/include/asm/xsave.h en el kernel de Linux en versiones anteriores a 3.19.2 crea determinados punteros .altinstr_replacement y consecuentemente no provee ninguna protección contra fallo de instrucciones, lo que permite a usuarios locales provocar una denegación de servicio (pánico) desencadenando un fallo, según lo demostrado por un operando de memoria no alineada o un operando de dirección de memoria no canónico. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.2 http://www.openwall.com/lists/oss-security/2015/03/22/1 https://bugzilla.redhat.com/show_bug.cgi?id=1204729 https://github.com/torvalds/linux/commit/06c8173eb92bbfc03a0fe8bb64315857d0badd06 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1604
https://notcve.org/view.php?id=CVE-2003-1604
The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. La función redirect_target en net/ipv4/netfilter/ipt_REDIRECT.c en el kernel de Linux en versiones anteriores a 2.6.0 permite a atacantes remotos to provocar una denegación de servicio (referencia a puntero NULL y OOPS) enviando paquetes a una interfaz que tiene una dirección IP 0.0.0.0, un problema relacionado con CVE-2015-8787. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://marc.info/?l=netfilter-devel&m=106668497403047&w=2 http://www.openwall.com/lists/oss-security/2016/01/27/9 https://bugzilla.redhat.com/show_bug.cgi?id=1303072 •