CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9755
https://notcve.org/view.php?id=CVE-2016-9755
28 Dec 2016 — The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. El subsistema netfilter en el kernel de Linux en versiones anteriores a 4.9 no maneja adecuadamente reensam... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6787
https://notcve.org/view.php?id=CVE-2016-6787
28 Dec 2016 — kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. kernel/events/core.c en el subsistema de rendimiento en el kernel de Linux en versiones anteriores a 4.0 no gestiona adecuadamente bloqueos durante ciertas migraciones, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad tamb... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6786
https://notcve.org/view.php?id=CVE-2016-6786
28 Dec 2016 — kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. kernel/events/core.c en el subsistema de rendimiento en el kernel de Linux en versiones anteriores a 4.0 no gestiona adecuadamente bloqueos durante ciertas migraciones, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad tamb... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9777
https://notcve.org/view.php?id=CVE-2016-9777
28 Dec 2016 — KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. KVM en el kernel de Linux en versiones anteriores a 4.8.12, cuando se habilita I/O APIC, no restringe adecuadamente el índice VCPU, lo que permite a usuarios de SO invitados obtene... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9806 – kernel: netlink: double-free in netlink_dump
https://notcve.org/view.php?id=CVE-2016-9806
28 Dec 2016 — Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. Condición de carrera en la función netlink_dump en net/netlink/af_netlink.c en el kernel de Linux en versiones anteriores a 4.6.3 permite a usuarios l... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9794 – kernel: ALSA: Use-after-free in kill_fasync
https://notcve.org/view.php?id=CVE-2016-9794
28 Dec 2016 — Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. Condición de carrera en la función snd_pcm_period_elapsed en sound/core/pcm_lib.c en el subsistema de ALSA en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegación de servicio (uso ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6704
https://notcve.org/view.php?id=CVE-2012-6704
28 Dec 2016 — The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. La función sock_setsockopt en net/core/sock.c en el kernel de Linux en versiones anteriores a 3.5 no maneja adecuadam... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9756
https://notcve.org/view.php?id=CVE-2016-9756
28 Dec 2016 — arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. arch/x86/kvm/emulate.c en el kernel de Linux en versiones anteriores a 4.8.12 no inicializa adecuadamente Code Segment (CS) en ciertos casos de error, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través de una aplicación mani... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2016-9793 – Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9793
28 Dec 2016 — The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. La función sock_setsockopt en net/core/sock.c en el kernel de Linux en versiones anteriores a 4.8.14 no ... • https://www.exploit-db.com/exploits/41995 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9685 – kernel: Memory leaks in xfs_attr_list.c error paths
https://notcve.org/view.php?id=CVE-2016-9685
28 Dec 2016 — Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. Múltiples fugas de memoria en rutas de error en fs/xfs/xfs_attr_list.c en el kernel de Linux en versiones anteriores a 4.5.1 permiten a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de operaciones de archivo de sistema XFS manipuladas. A flaw was found in the Linux kernel... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e83b79b2d6c78bf1b4aa227938a214dcbddc83f • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •