CVE-2016-2085
https://notcve.org/view.php?id=CVE-2016-2085
The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack. La función evm_verify_hmac en security/integrity/evm/evm_main.c en el kernel de Linux en versiones anteriores a 4.5 no copia correctamente los datos, lo que facilita a usuarios locales falsificar los valores MAC a través de un ataque de tiempo side-chanel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=613317bd212c585c20796c10afe5daaa95d4b0a1 http://www.ubuntu.com/usn/USN-2946-1 http://www.ubuntu.com/usn/USN-2946-2 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 http://www.ubuntu.com/usn/USN-2948-1 http://www.ubuntu.com/usn/USN-2948-2 http://www.ubuntu.com/usn/USN-2949-1 https://bugzilla.redhat.com/show • CWE-19: Data Processing Errors •
CVE-2016-2383
https://notcve.org/view.php?id=CVE-2016-2383
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. La función adjust_branches en kernel/bpf/verifier.c en el kernel de Linux en versiones anteriores a 4.5 no tiene en cuenta el delta en el caso de salto de retroceso, lo que permite a usuarios locales obtener información sensible del kernel de memoria creando un filtro de paquetes y posteriormente cargando instrucciones BPF manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1b14d27ed0965838350f1377ff97c93ee383492 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.openwall.com/lists/oss-security/2016/02/14/1 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 https://bugzilla.redhat.com/show_bug.cgi?id=1308452 https://github.com/torvalds/linux/commit/a1b14d27ed0965838350f1377ff97c93ee3834 •
CVE-2016-2847 – kernel: pipe: limit the per-user amount of pages allocated in pipes
https://notcve.org/view.php?id=CVE-2016-2847
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. fs/pipe.c en el kernel de Linux antes de 4.5 no limita la cantidad de datos no leídos en las tuberías, lo que permite a los usuarios locales provocar una denegación de servicio (consumo de memoria) creando muchas tuberías con tamaños no predeterminados. It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2016-3134 – Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
https://notcve.org/view.php?id=CVE-2016-3134
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. El subsistema netfilter en el kernel de Linux hasta la versión 4.5.2 no válida ciertos campos de desplazamiento, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_REPLACE setsockopt. A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset. • https://www.exploit-db.com/exploits/39545 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0823
https://notcve.org/view.php?id=CVE-2016-0823
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. La función pagemap_open en fs/proc/task_mmu.c en el kernel de Linux en versiones anteriores a 3.19.3, tal como se utiliza en Android 6.0.1 en versiones anteriores a 2016-03-01, permite a usuarios locales obtener información sensible de la dirección física leyendo un archivo pagemap, también conocido como error interno de Android 25739721. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html http://source.android.com/security/bulletin/2016-03-01.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3 http://www.securityfocus.com/bid/84265 https://github.com/torvalds/linux/commit/ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •