CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0572
https://notcve.org/view.php?id=CVE-2015-0572
10 Oct 2016 — Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call. Múltiples condiciones de carrera en drivers/char/adsprpc.c y drivers/char/adsprpc_compat.c en el driver ADSPRPC para el k... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5343
https://notcve.org/view.php?id=CVE-2016-5343
10 Oct 2016 — drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow. drivers/soc/qcom/qdsp6v2/voice_svc.c en el controlador Voice Service QDSP6v2 para el kernel de Linux 3.x, como se usa en con... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8950
https://notcve.org/view.php?id=CVE-2015-8950
10 Oct 2016 — arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. arch/arm64/mm/dma-mapping.c en el kernel de Linux en versiones anteriores a 4.0.3, como es usado en el subsistema ION en Android y otros productos, no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener info... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8956 – kernel: NULL dereference in RFCOMM bind callback
https://notcve.org/view.php?id=CVE-2015-8956
10 Oct 2016 — The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. La función rfcomm_sock_bind en net/bluetooth/rfcomm/sock.c en el kernel de Linux en versiones anteriores a 4.2 permite a usuarios locales obtener información sensible o provocar una denegación de servicio (referencia a puntero NULL) a través ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=951b6a0717db97ce420547222647bcc40bf1eacd • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 7%CPEs: 12EXPL: 0CVE-2016-7117 – kernel: Use-after-free in the recvmmsg exit path
https://notcve.org/view.php?id=CVE-2016-7117
10 Oct 2016 — Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. Vulnerabilidad de uso después de liberación de memoria en la función the __sys_recvmmsg en net/socket.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una llamada al ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d • CWE-19: Data Processing Errors CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2016-6828 – Linux Kernel - TCP Related Read Use-After-Free
https://notcve.org/view.php?id=CVE-2016-6828
06 Sep 2016 — The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. La función tcp_check_send_head en include/net/tcp.h en el kernel de Linux en versiones anteriores a 4.7.5 no mantiene adecuadamente cierto estado SACK tras una copia de datos fallida, lo que permite a usuarios lo... • https://www.exploit-db.com/exploits/40731 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5342
https://notcve.org/view.php?id=CVE-2016-5342
30 Aug 2016 — Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. Desbordamiento de búfer basado en memoria dinámica en la función wcnss_wlan_write en drivers/ne... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5344
https://notcve.org/view.php?id=CVE-2016-5344
30 Aug 2016 — Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. Múltiples desbordamientos de entero en el controlador MDSS para el kernel 3.x de Linux, tal como se utiliza en contribuciones Qualcomm Innovation Center (QuIC) And... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9410
https://notcve.org/view.php?id=CVE-2014-9410
07 Aug 2016 — The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. La función vfe31_proc_general en drivers/media/video/msm/vfe/msm_vfe31.c en el controlador MSM-VFE31 pa... • https://www.codeaurora.org/security-advisory/multiple-issues-in-camera-drivers-cve-2014-9410-cve-2015-0568 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2065
https://notcve.org/view.php?id=CVE-2016-2065
07 Aug 2016 — sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer. sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c en el controlador de aud... • http://www.securityfocus.com/bid/92376 • CWE-787: Out-of-bounds Write •