CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8950
https://notcve.org/view.php?id=CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. arch/arm64/mm/dma-mapping.c en el kernel de Linux en versiones anteriores a 4.0.3, como es usado en el subsistema ION en Android y otros productos, no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel desencadenando una llamada dma_mmap. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5 http://source.android.com/security/bulletin/2016-10-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3 http://www.securityfocus.com/bid/93318 https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8955
https://notcve.org/view.php?id=CVE-2015-8955
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. arch/arm64/kernel/perf_event.c en el kernel de Linux en versiones anteriores a 4.1 en plataformas arm64 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (puntero de referencia no valido) a través de vectores relacionados con eventos que son manejados incorrectamente durante un lapso de múltiples HW PMUs. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fff105e13041e49b82f92eef034f363a6b1c071 http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/93314 https://github.com/torvalds/linux/commit/8fff105e13041e49b82f92eef034f363a6b1c071 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8956 – kernel: NULL dereference in RFCOMM bind callback
https://notcve.org/view.php?id=CVE-2015-8956
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. La función rfcomm_sock_bind en net/bluetooth/rfcomm/sock.c en el kernel de Linux en versiones anteriores a 4.2 permite a usuarios locales obtener información sensible o provocar una denegación de servicio (referencia a puntero NULL) a través de vectores relacionados con una llamada de sistema enlazada en un enchufe Bluetooth RFCOMM. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=951b6a0717db97ce420547222647bcc40bf1eacd http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/93326 https://github.com/torvalds/linux/commit/951b6a0717db97ce420547222647bcc40bf1eacd https://access.redhat.com/security/cve/CVE-2015-8956 https://bugzilla.redhat.com/show_bug.cgi?id=1383395 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2016-6828 – Linux Kernel - TCP Related Read Use-After-Free
https://notcve.org/view.php?id=CVE-2016-6828
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. La función tcp_check_send_head en include/net/tcp.h en el kernel de Linux en versiones anteriores a 4.7.5 no mantiene adecuadamente cierto estado SACK tras una copia de datos fallida, lo que permite a usuarios locales provocar una denegación de servicio (uso después de liberación de memoria tcp_xmit_retransmit_queue y caída de sistema ) a través de una opción SACK manipulada. A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. • https://www.exploit-db.com/exploits/40731 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4 http://rhn.redhat.com/errata/RHSA-2017-0036.html http://rhn.redhat.com/errata/RHSA-2017-0086.html http://rhn.redhat.com/errata/RHSA-2017-0091.html http://rhn.redhat.com/errata/RHSA-2017-0113.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5 http://www.openwall.com/lists/oss-security/2016/08/15/ • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5400
https://notcve.org/view.php?id=CVE-2016-5400
Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. Pérdida de memoria en la función airspy_probe en drivers/media/usb/airspy/airspy.c en el controlador USB airspy en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de un dispositivo USB manipulado que emula muchos dispositivos VFL_TYPE_SDR o VFL_TYPE_SUBDEV y realiza muchas operaciones de conexión y desconexión. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848 http://www.openwall.com/lists/oss-security/2016/07/25/1 http://www.securityfocus.com/bid/92104 http://www.securitytracker.com/id/1036432 http://www.ubuntu.com/usn/USN-3070-1 http://www.ubuntu.com/usn/USN-3070-2 http://www.ubuntu.com/usn/USN-3070-3 http://www.ubuntu.com/usn/USN-3070-4 https://bugzilla.redhat.com/show_bug.cgi?id=1358184 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •