Page 443 of 2604 results (0.014 seconds)

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5257

https://notcve.org/view.php?id=CVE-2015-5257

drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. drivers/usb/serial/whiteheat.c en el kernel Linux en versiones anteriores a 4.2.4 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero NULL y OOPS) o posiblemente tener otro impacto no especificado a través de un dispositivo USB manipulado. NOTA: este ID se utilizó de manera incorrecta para un problema de Apache Cordova que tiene el ID correcto CVE-2015-8320. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4 http://www.debian.org/security/2015/dsa-3372 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4 http://www.openwall.com/lists/oss-security/2015/09/23/1 http://www.securityfocus.com/bid/76834 http://www.ubuntu.com/usn/USN-2792-1 http://www.ubuntu.com/usn/USN-2794-1 http://www.ubuntu.com/usn/USN-2795-1 http://www.ubuntu.com/usn •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 3

CVE-2015-5283 – kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic

https://notcve.org/view.php?id=CVE-2015-5283

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. La función sctp_init en net/sctp/protocol.c en el kernel de Linux en versiones anteriores a 4.2.3 tiene una secuencia incorrecta de pasos de inicialización de protocolo, lo que permite a usuarios locales provocar una denegación de servicio (panic o corrupción de memoria) mediante la creación de sockets SCTP antes de haber finalizado todos los pasos. A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://patchwork.ozlabs.org/patch/515996 http://www.debian.org/security/2015/dsa-3372 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-665: Improper Initialization •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-7613 – kernel: Unauthorized access to IPC objects with SysV shm

https://notcve.org/view.php?id=CVE-2015-7613

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. Condición de carrera en la implementación del objeto IPC en el kernel de Linux hasta la versión 4.2.3 permite a usuarios locales obtener privilegios desencadenando una llamada a ipc_addid que conduce a comparaciones de uid y gid contra datos no inicializados, relacionada con msg.c, shm.c y util.c. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html http://lists.opensuse.org • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6252

https://notcve.org/view.php?id=CVE-2015-6252

The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. La función vhost_dev_ioctl en drivers/vhost/vhost.c en el kernel de Linux en versiones anteriores a 4.1.5 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de una llamada VHOST_SET_LOG_FD ioctl que desencadena la asignación de un descriptor de fichero permanente. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://www.debian.org/security/2015/dsa-3364 http://www.kernel.org/pub/linux/kernel/v4.x • CWE-399: Resource Management Errors •

CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2015-6937

https://notcve.org/view.php?id=CVE-2015-6937

The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. La función __rds_conn_create en net/rds/connection.c en el kernel de Linux hasta la versión 4.2.3 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tener otro impacto no especificado mediante el uso de un socket que no estaba vinculado adecuadamente. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168447.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168539.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167358.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http:/&#x •