CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9178 – Ubuntu Security Notice USN-3422-2
https://notcve.org/view.php?id=CVE-2016-9178
28 Nov 2016 — The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. El macro __get_user_asm_ex en arch/x86/include/asm/uaccess.h en el kernel Linux en versiones anteriores a 4.7.5 no inicia ciertas variables de entero, lo que permite a usuarios locales obtener información sensible de la memoria basado en pila... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8645 – kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c
https://notcve.org/view.php?id=CVE-2016-8645
28 Nov 2016 — The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. La pila TCP en el kernel Linux en versiones anteriores a 4.8.10 maneja incorrectamente el truncamiento skb, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) a través de una aplicación manipulada que hace llamadas d... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3 • CWE-284: Improper Access Control CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9191 – Kernel Live Patch Security Notice LSN-0021-1
https://notcve.org/view.php?id=CVE-2016-9191
28 Nov 2016 — The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. La implementación offline cgroup en el kernel Linux hasta la versión 4.8.11 maneja incorrectamente ciertas operaciones drain, lo que permite a usuarios locales provocar una denegación de servicio (colgado de sistema) aprovech... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9083 – kernel: State machine confusion bug in vfio driver leading to memory corruption
https://notcve.org/view.php?id=CVE-2016-9083
28 Nov 2016 — drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." drivers/vfio/pci/vfio_pci.c en el kernel Linux hasta la versión 4.8.11 permite a usuarios locales eludir comprobaciones de desbordamiento de enteros, y provocar una denegación de servicio ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-391: Unchecked Error Condition •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8962 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2015-8962
16 Nov 2016 — Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. Vulnerabilidad de liberación doble en la función sg_common_write en drivers/scsi/sg.c en el kernel de Linux en versiones anteriores a 4.4 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria y ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3951a3709ff50990bf3e188c27d346792103432 • CWE-415: Double Free •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-7911 – Kernel Live Patch Security Notice LSN-0021-1
https://notcve.org/view.php?id=CVE-2016-7911
16 Nov 2016 — Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. Condición de carrera en la función get_task_ioprio en block/ioprio.c en el kernel de Linux en versiones anteriores a 4.6.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso posterior a la llamada) mediante una llamada manipulada al sistema ioprio_get. ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7916 – Kernel Live Patch Security Notice LSN-0021-1
https://notcve.org/view.php?id=CVE-2016-7916
16 Nov 2016 — Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. La condición de carrera en la función environ_read en fs / proc / base.c en el kernel de Linux antes de 4.5.4 permite a usuarios locales obtener información sensible de la memoria del kernel leyendo un archivo / proc / * / ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8964 – Ubuntu Security Notice USN-3161-2
https://notcve.org/view.php?id=CVE-2015-8964
16 Nov 2016 — The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. La función tty_set_termios_ldisc en drivers/tty/tty_ldisc.c enel kernel de Linux en versiones anteriores a 4.5 permite a los usuarios locales obtener información sensible de la memoria del kernel mediante la lectura de una estructura de datos tty. It was discovered that the Linux kernel did not properly initialize ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7914 – kernel: assoc_array: don't call compare_object() on a node
https://notcve.org/view.php?id=CVE-2016-7914
16 Nov 2016 — The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2 • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 2CVE-2016-7910 – kernel: Use after free in seq file
https://notcve.org/view.php?id=CVE-2016-7910
16 Nov 2016 — Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. Vulnerabilidad de uso después de liberación de memoria en la función disk_seqf_stop en block/genhd.c en el kernel de Linux en versiones anteriores a 4.7.1 permite a usuarios locales obtener privilegios aprovechando la ejecución de una cierta operación de... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84 • CWE-416: Use After Free •