CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6701 – kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access
https://notcve.org/view.php?id=CVE-2012-6701
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. Desbordamiento de entero en fs/aio.c en el kernel de Linux en versiones anteriores a 3.4.1 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un iovec AIO grande. It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1 http://www.openwall.com/lists/oss-security/2016/03/02/9 https://access.redhat.com/errata/RHSA-2018:1854 https://bugzilla.redhat.com/show_bug.cgi?id=1314288 https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893 https://access.redhat.com/security/cve/CVE-2012-6701 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8839 – kernel: ext4 filesystem page fault race condition with fallocate call.
https://notcve.org/view.php?id=CVE-2015-8839
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. Múltiples condiciones de carrera en la implementación del sistema de archivos ext4 en el kernel de Linux en versiones anteriores a 4.5 permite a usuarios locales provocar una denegación de servicio (corrupción de disco) escribiendo a una página que está asociada con un archivo de usuario diferente después del manejo de hole punching desincronizado y de fallo de página. A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b http://www.openwall.com/lists/oss-security/2016/04/01/4 http://www.securityfocus.com/bid/85798 http://www.securitytracker.com/id/1035455 http://www.ubuntu.com/usn/USN-3005-1 http://www.ubuntu.com/usn/USN-3006-1 http://www.ubuntu.com/usn/USN-3007-1 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https:& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2672
https://notcve.org/view.php?id=CVE-2015-2672
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. La implementación de xsave/xrstor en arch/x86/include/asm/xsave.h en el kernel de Linux en versiones anteriores a 3.19.2 crea determinados punteros .altinstr_replacement y consecuentemente no provee ninguna protección contra fallo de instrucciones, lo que permite a usuarios locales provocar una denegación de servicio (pánico) desencadenando un fallo, según lo demostrado por un operando de memoria no alineada o un operando de dirección de memoria no canónico. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.2 http://www.openwall.com/lists/oss-security/2015/03/22/1 https://bugzilla.redhat.com/show_bug.cgi?id=1204729 https://github.com/torvalds/linux/commit/06c8173eb92bbfc03a0fe8bb64315857d0badd06 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-8746 – kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client
https://notcve.org/view.php?id=CVE-2015-8746
fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. fs/nfs/nfs4proc.c en el cliente NFS en el kernel de Linux en versiones anteriores a 4.2.2 no inicializa memoria correctamente para operaciones de recuperación de migración, lo que permite a servidores NFS remotos provocar una denegación de servicio (referencia a puntero NULL y pánico) a través de tráfico de red manipulado. A NULL pointer dereference flaw was found in the Linux kernel: the NFSv4.2 migration code improperly initialized the kernel structure. A local, authenticated user could use this flaw to cause a panic of the NFS client (denial of service). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=18e3b739fdc826481c6a1335ce0c5b19b3d415da http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.2 http://www.openwall.com/lists/oss-security/2016/01/05/9 http://www.securitytracker.com/id/1034594 https://bugzilla.redhat.com/show_bug.cgi?id=1295802 https://github.com/torvalds/linux/commit/18e3b739fdc826 • CWE-665: Improper Initialization •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8324 – kernel: Null pointer dereference when mounting ext4
https://notcve.org/view.php?id=CVE-2015-8324
The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. La implementación de ext4 en el kernel de Linux en versiones anteriores a 2.6.34 no rastrea correctamente la inicalización de determinadas estructuras de datos, lo que permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y pánico) a través de un dispositivo USB manipulado, relacionado con la función ext4_fill_super. A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.34 http://rhn.redhat.com/errata/RHSA-2016-0855.html http://www.openwall.com/lists/oss-security/2015/11/23/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://bugzilla.redhat.com/show_bug.cgi?id=1267261 https://github.com/torvalds/linux/commit/744692dc059845b2a3022119871846e74d4f6e11 https • CWE-476: NULL Pointer Dereference •