CVE-2015-7513
https://notcve.org/view.php?id=CVE-2015-7513
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. arch/x86/kvm/x86.c en el kernel de Linux en versiones anteriores a 4.4 no reinicia los valores del contador PIT durante la restauración del estado, lo que permite a usuarios invitados del SO provocar una denegación de servicio (error de división por cero y caída del host del SO) a través del valor cero, relacionado con las funciones kvm_vm_ioctl_set_pit y kvm_vm_ioctl_set_pit2. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html http://www.debian.org/security/2016/dsa-3434 http://www.openwall.com/lists/oss-security/2016/01/07/2 http://www.securityfocus.com/bid/79901 ht • CWE-369: Divide By Zero •
CVE-2015-7509 – kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system
https://notcve.org/view.php?id=CVE-2015-7509
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. fs/ext4/namei.c en el kernel Linux en versiones anteriores a 3.7 permite a atacantes físicamente próximos provocar una denegación de servicio (caída del sistema) a través de un archivo de sistema no-journal manipulado, un problema relacionado con CVE-2013-2015. A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9b92530a723ac5ef8e352885a1862b18f31b2f5 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://rhn.redhat.com/errata/RHSA-2016-0855.html http://www.securitytracker.com/id/1034559 https://bugzilla.redhat.com/show_bug.cgi?id=1259222 https://bugzilla.su • CWE-20: Improper Input Validation CWE-250: Execution with Unnecessary Privileges •
CVE-2015-8569
https://notcve.org/view.php?id=CVE-2015-8569
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. Las funciones (1) pptp_bind y (2) pptp_connect en drivers/net/ppp/pptp.c en el kernel de Linux hasta la versión 4.3.3 no verifican la longitud de una dirección, lo que permite a usuarios locales obtener información sensible de la memoria del kernel y eludir el mecanismo de protección KASLR a través de una aplicación manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://twitter.com/grsecurity/statuses/676744240802750464 http://www.debian.org/security/2016/d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-7446
https://notcve.org/view.php?id=CVE-2013-7446
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. Vulnerabilidad de uso después de la liberación de la memoria en net/unix/af_unix.c en el kernel de Linux en versiones anteriores a 4.3.3 permite a usuarios locales eludir los permisos destinados al socket AF_UNIX o provocar una denegación de servicio (panic) a través de llamadas epoll_ctl manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html http://lists.opensuse.org •
CVE-2015-8374 – kernel: Information leak when truncating of compressed/inlined extents on BTRFS
https://notcve.org/view.php?id=CVE-2015-8374
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. fs/btrfs/inode.c en el kernel de Linux en versiones anteriores a 4.3.3 no maneja correctamente extensiones en línea comprimidas, lo que permite a usuarios locales obtener información sensible previa al truncamiento desde un archivo a través de una acción clone. An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded and the number of bytes used by the inode were not correctly decremented, which gave the wrong report for callers of the stat(2) syscall. This wasted metadata space and allowed for the truncated data to be leaked, and data corruption or loss to occur. A caller of the clone ioctl could exploit this flaw by using only standard file-system operations without root access to read the truncated data. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.debian.org/security/2015/dsa-3426 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 http://www.openwall.com/lists/oss-security/2015/11/27/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.co • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •