CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1CVE-2015-3290 – Linux Kernel - 'espfix64' Nested NMIs Interrupting Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3290
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. Vulnerabilidad en arch/x86/entry/entry_64.S en el kernel de Linux en versiones anteriores a 4.1.6 en la plataforma x86_64, confía indebidamente en espfix64 durante el procesamiento anidado de NMI, lo que permite a usuarios locales obtener privilegios al desencadenar una NMI dentro de una cierta ventana de instrucción. Privilege escalation can occur in Linux due to nested NMIs interrupting espfix64. • https://www.exploit-db.com/exploits/37722 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://www.debian.org/security/2015/dsa-3313 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6 http://www.openwall.com/lists/oss-security/2015/07/22/7 http://www.openwall.com/lists/oss-security/2015/08/04/8 http://www.securityfocus&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4692
https://notcve.org/view.php?id=CVE-2015-4692
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. Vulnerabilidad en la función kvm_apic_has_events en arch/x86/kvm/lapic.h en el Kernel de Linux hasta la versión 4.1.3, permite a usuarios locales causar una denegación de servicio (mediante la referencia a un puntero NULO y una caída del sistema) o posiblemente tener otro impacto no especificado a través del aprovechamiento de acceso a /dev/kvm para una llamada ioctl. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160829.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161144.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://www.debian.org/security/2015/dsa-3329 http://www.openwall.com/lists/oss-securit •
CVSS: 7.1EPSS: 39%CPEs: 2EXPL: 0CVE-2015-5366 – kernel: net: incorrect processing of checksums in UDP implementation
https://notcve.org/view.php?id=CVE-2015-5366
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. Vulnerabilidad en las funciones (1) udp_recvmsg y (2) udpv6_recvmsg en el kernel de Linux en versiones anteriores a 4.0.6, proporcionan valores de retorno -EAGAIN inapropiados, lo que permite a atacantes remotos causar una denegación de servicio (interrupción de lectura de EPOLLET en aplicación epoll) a través de una suma de comprobación incorrecta en un paquete UDP, una vulnerabilidad diferente a CVE-2015-5364. A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse&# • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 22%CPEs: 14EXPL: 0CVE-2015-5364 – kernel: net: incorrect processing of checksums in UDP implementation
https://notcve.org/view.php?id=CVE-2015-5364
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. Vulnerabilidad en las funciones (1) udp_recvmsg y (2) udpv6_recvmsg en el kernel de Linux en versiones anteriores a 4.0.6, no considera adecuadamente ceder un procesador, lo que permite a atacantes remotos causar una denegación de servicio (colgado del sistema) a través de sumas de comprobación incorrectas dentro de una inundación de paquetes UDP. A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse&# • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-5321 – Kernel: tty: driver reference leakage in tty_open
https://notcve.org/view.php?id=CVE-2011-5321
The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory. La función tty_open en drivers/tty/tty_io.c en el kernel de Linux en versiones anteriores a 3.1.1 no maneja adecuadamente un fallo de búsqueda de controlador, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) o posiblemente tener otro impacto no especificado a través de acceso manipulado a un archivo de dispositivo bajo el directorio /dev/pts. A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker could use this flaw to crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 http://rhn.redhat.com/errata/RHSA-2015-1221.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.1 http://www.openwall.com/lists/oss-security/2015/03/13/17 https://bugzilla.redhat.com/show_bug.cgi?id=1201887 https://github.com/torvalds/linux/commit/c290f8358acaeffd8e0c551ddcc24d1206143376 https://access.redhat.com/security/cve/CVE-2011-5321 •