Page 418 of 3325 results (0.041 seconds)

CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 2

CVE-2015-3636 – kernel: ping sockets: use-after-free leading to local privilege escalation

https://notcve.org/view.php?id=CVE-2015-3636

The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. Vulnerabilidad en la función ping_unhash en net/ipv4/ping.c en el kernel de Linux en versiones anteriores a 4.0.3, no inicializa una cierta estructura de datos de lista durante una operación unhash, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (uso después de liberación de memoria y caída del sistema) mediante el aprovechamiento de la capacidad de hacer una llamada a un socket de sistema SOCK_DGRAM para el protocolo IPROTO_ICMP o IPROTO_ICMPV6 y entonces hacer una llamada al sistema de conexión tras una desconexión. It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. • https://github.com/fi01/CVE-2015-3636 https://github.com/a7vinx/CVE-2015-3636 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http&# • CWE-416: Use After Free •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-0275 – kernel: fs: ext4: fallocate zero range page size > block size BUG()

https://notcve.org/view.php?id=CVE-2015-0275

The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. La función ext4_zero_range en fs/ext4/extents.c en el kernel de Linux en versiones anteriores a 4.1 permite a usuarios locales provocar una denegación de servicio (BUG) a través de una petición de rango cero a fallocate manipulada. A flaw was found in the way the Linux kernel's ext4 file system handled the "page size > block size" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2af21aae11972fa924374ddcf52e88347cf5a8 http://rhn.redhat.com/errata/RHSA-2015-1778.html http://rhn.redhat.com/errata/RHSA-2015-1787.html http://www.openwall.com/lists/oss-security/2015/02/23/14 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/75139 http://www.securitytracker.com/id/1034454 http://www.spinics.net/lists/linux-ext4/msg47193.html ht • CWE-17: DEPRECATED: Code •

CVSS: 9.0EPSS: 1%CPEs: 10EXPL: 0

CVE-2015-4002

https://notcve.org/view.php?id=CVE-2015-4002

drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. drivers/staging/ozwpan/ozusbsvc1.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 no asegura que ciertas valores de longitud están lo suficientemente grandes, lo que permite a atacantes remotos causar una denegación de servicio (caída de sistema o bucle grande) o posiblemente ejecutar código arbitrario a través de un paquete manipulado, relacionado con las funciones (1) oz_usb_rx y (2) oz_usb_handle_ep_data. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://openwall.com/lists/oss-security/2015/06/05/7 http://www.securityfocus.com/bid/74668 http://www.ubuntu.com/usn/USN-2665-1 http://www.ubuntu.com/usn/USN-2667-1 https://github.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 0

CVE-2015-4001

https://notcve.org/view.php?id=CVE-2015-4001

Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. Error de signo de enteros en la función oz_hcd_get_desc_cnf en drivers/staging/ozwpan/ozhcd.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 permite a atacantes remotos causar una denegación de servicio (caída de sistema) o posiblemente ejecutar código arbitrario a través de un paquete manipulado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://openwall.com/lists/oss-security/2015/06/05/7 http://www.securityfocus.com/bid/74672 http://www.ubuntu.com/usn/USN-2665-1 http://www.ubuntu.com/usn/USN-2667-1 https://github.com/torvalds/linux/commit/b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c • CWE-189: Numeric Errors •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 2

CVE-2015-1805 – kernel: pipe: iovec overrun leading to memory corruption

https://notcve.org/view.php?id=CVE-2015-1805

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." Vulnerabilidad en las implementaciones (1) pipe_read y (2) pipe_write en fs/pipe.c en el kernel de Linux en versiones anteriores a 3.16, no considera correctamente los efectos secundarios de llamadas __copy_to_user_inatomic y __copy_from_user_inatomic fallidas, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios a través de una aplicación manipulada, también conocida como una 'saturación del array del vector I/O'. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • https://github.com/panyu6325/CVE-2015-1805 https://github.com/ireshchaminda1/Android-Privilege-Escalation-Remote-Access-Vulnerability-CVE-2015-1805 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html • CWE-17: DEPRECATED: Code •