CVE-2014-9730
https://notcve.org/view.php?id=CVE-2014-9730
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. Vulnerabilidad en la función udf_pc_to_char en fs/udfs/symlink.c en el kernel de Linux en versiones anteriores a 3.18.2, se basa en longitudes de componentes no utilizados, lo que permite a usuarios locales causar una denegación de servicio (caída del sistema) a través de una imagen de sistema de archivos UDF manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://www.kernel.org •
CVE-2015-5707
https://notcve.org/view.php?id=CVE-2015-5707
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. Desbordamiento de entero en la función sg_start_req en drivers/scsi/sg.c en el kernel de Linux 2.6.x hasta la versión 4.x en versiones anteriores a 4.1 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor iov_count grande en una petición de escritura. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026 • CWE-190: Integer Overflow or Wraparound •
CVE-2015-3212 – kernel: SCTP race condition allows list corruption and panic from userlevel
https://notcve.org/view.php?id=CVE-2015-3212
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. Vulnerabilidad de condición de carrera en net/stcp/socket.c en el kernel de Linux en versiones anteriores a 4.1.2, permite a usuarios locales causar una denegación de servicio (lista corrupta y pánico) a través de una serie de llamadas al sistema relacionadas con sockets, según lo demostrado por las llamadas setsockopt. A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d45a02d0166caf2627fe91897c6ffc3b19514c4 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://rhn.redhat.com/errata/RHSA-2015-1778.html http://rhn.redhat.com/errata/RHSA-2015-1787.html http://www.debian.org/security/2015/dsa-3329 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2 http://www.ora • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVE-2015-5697
https://notcve.org/view.php?id=CVE-2015-5697
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. Vulnerabilidad en la función get_bitmap en drivers/md/md.c en el kernel de Linux en versiones anteriores a 4.1.6, no inicializa una cierta estructura de datos de mapa de bits, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una llamada a GET_BITMAP_FILE de ioctl . • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1333 – kernel: denial of service due to memory leak in add_key()
https://notcve.org/view.php?id=CVE-2015-1333
Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. Vulnerabilidad de fuga de memoria en la función __key_link_end en security/kesy/keyring.c en el kernel de Linux en versiones anteriores a 4.1.4, permite a usuarios locales causar una denegación de servicio (consumo de memoria) a través de muchas llamadas al sistema add_key que hacen referencia a las claves existentes. It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 http://rhn.redhat.com/errata/RHSA-2015-1778.html http://rhn.redhat.com/errata/RHSA-2015-1787.html http://www.debian.org/security/2015/dsa-3329 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4 http://www.openwall.com/lists/oss-security/2015/07/27/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •