CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8401
https://notcve.org/view.php?id=CVE-2016-8401
12 Jan 2017 — An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725. • http://www.securityfocus.com/bid/94686 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6757
https://notcve.org/view.php?id=CVE-2016-6757
12 Jan 2017 — An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. • http://www.securityfocus.com/bid/94693 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8391
https://notcve.org/view.php?id=CVE-2016-8391
12 Jan 2017 — An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. • http://www.securityfocus.com/bid/94681 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6776
https://notcve.org/view.php?id=CVE-2016-6776
12 Jan 2017 — An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8397
https://notcve.org/view.php?id=CVE-2016-8397
12 Jan 2017 — An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9754 – Ubuntu Security Notice USN-3422-2
https://notcve.org/view.php?id=CVE-2016-9754
05 Jan 2017 — The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. La función ring_buffer_resize en kernel/trace/ring_buffer.c en el subsistema de creación de perfiles del kernel de Linux en versiones anteriores a 4.6.1 no maneja adecuadamente ciertos cálculos de entero, lo que permite a usuarios locales o... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-10088 – kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
https://notcve.org/view.php?id=CVE-2016-10088
30 Dec 2016 — The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. La implementación sg en el kernel Linux hasta la versión 4.9 no restring... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6786 – Debian Security Advisory 3791-1
https://notcve.org/view.php?id=CVE-2016-6786
28 Dec 2016 — kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. kernel/events/core.c en el subsistema de rendimiento en el kernel de Linux en versiones anteriores a 4.0 no gestiona adecuadamente bloqueos durante ciertas migraciones, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad tamb... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6787 – Debian Security Advisory 3791-1
https://notcve.org/view.php?id=CVE-2016-6787
28 Dec 2016 — kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. kernel/events/core.c en el subsistema de rendimiento en el kernel de Linux en versiones anteriores a 4.0 no gestiona adecuadamente bloqueos durante ciertas migraciones, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad tamb... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9794 – kernel: ALSA: Use-after-free in kill_fasync
https://notcve.org/view.php?id=CVE-2016-9794
28 Dec 2016 — Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. Condición de carrera en la función snd_pcm_period_elapsed en sound/core/pcm_lib.c en el subsistema de ALSA en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegación de servicio (uso ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •