CVE-2016-8633 – kernel: Buffer overflow in firewire driver via crafted incoming packets
https://notcve.org/view.php?id=CVE-2016-8633
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. drivers/firewire/net.c en el kernel Linux en versiones anteriores a 4.8.7, en ciertas configuraciones de hardware no usuales, permite a atacantes remotos ejecutar un código arbitrario a través de paquetes fragmentados manipulados. A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7 http://www.openwall.com/lists/oss-security/2016/11/06/1 http://www.securityfocus.com/bid/94149 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVE-2015-8970 – kernel: crypto: GPF in lrw_crypt caused by null-deref
https://notcve.org/view.php?id=CVE-2015-8970
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. crypto/algif_skcipher.c en el kernel Linux en versiones anteriores a 4.4.2 no verifica que una operación setkey haya sido llevada a cabo en un enchufe AF_ALG antes de que una llamada de sistema aceptada sea procesada, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULO y caída de sistema) a través de una aplicación manipulada que no aporta una llave, relacionado con la función lrw_crypt en crypto/lrw.c. The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2 http://www.openwall.com/lists/oss-security/2016/11/04/3 http://www.securityfocus.com/bid/94217 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2437 https://access.redhat.com/errata/RHSA-2017:2444 https:// • CWE-476: NULL Pointer Dereference •
CVE-2016-9555 – kernel: Slab out-of-bounds access in sctp_sf_ootb()
https://notcve.org/view.php?id=CVE-2016-9555
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. La función sctp_sf_ootb en net/sctp/sm_statefuns.c en el kernel Linux en versiones anteriores a 4.8.8 carece de comprobación de longitud de fragmento para el primer fragmento, lo que permite a atacantes remotos provocar una denegación de servicio (acceso slab fuera de límites) o tener otro posible impacto no especificado a través de datos SCTP manipulados. A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html http://lists.opensuse.org • CWE-125: Out-of-bounds Read •
CVE-2016-8645 – kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c
https://notcve.org/view.php?id=CVE-2016-8645
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. La pila TCP en el kernel Linux en versiones anteriores a 4.8.10 maneja incorrectamente el truncamiento skb, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) a través de una aplicación manipulada que hace llamadas de sistema sendto, relacionado con net/ipv4/tcp_ipv4.c y net/ipv6/tcp_ipv6.c. It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10 http://www.openwall.com/lists/oss-security/2016/11/11/3 http://www.openwall.com/lists/oss-security/2016/11/30/3 http://www.securityfocus.com/bid/94264 http://www.securitytracker.com/id/1037285 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https: • CWE-284: Improper Access Control CWE-617: Reachable Assertion •
CVE-2015-8962
https://notcve.org/view.php?id=CVE-2015-8962
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. Vulnerabilidad de liberación doble en la función sg_common_write en drivers/scsi/sg.c en el kernel de Linux en versiones anteriores a 4.4 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria y bloqueo del sistema) desvinculando un dispositivo durante una llamada ioctl SG_IO. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3951a3709ff50990bf3e188c27d346792103432 http://www.securityfocus.com/bid/94187 https://github.com/torvalds/linux/commit/f3951a3709ff50990bf3e188c27d346792103432 https://source.android.com/security/bulletin/2016-11-01.html • CWE-415: Double Free •