CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8746 – kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client
https://notcve.org/view.php?id=CVE-2015-8746
02 May 2016 — fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. fs/nfs/nfs4proc.c en el cliente NFS en el kernel de Linux en versiones anteriores a 4.2.2 no inicializa memoria correctamente para operaciones de recuperación de migración, lo que permite a servidores NFS remotos provocar una denegación de servi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=18e3b739fdc826481c6a1335ce0c5b19b3d415da • CWE-665: Improper Initialization •
CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8839 – kernel: ext4 filesystem page fault race condition with fallocate call.
https://notcve.org/view.php?id=CVE-2015-8839
02 May 2016 — Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. Múltiples condiciones de carrera en la implementación del sistema de archivos ext4 en el kernel de Linux en versiones anteriores a 4.5 permite a usuarios locales provocar una denegación de servicio (corrupción de disco) escr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2016-2187
https://notcve.org/view.php?id=CVE-2016-2187
02 May 2016 — The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función gtco_probe en drivers/input/tablet/gtco.c en el kernel de Linux hasta la versión 4.5.2 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de disposit... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d •
CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2016-3951
https://notcve.org/view.php?id=CVE-2016-3951
02 May 2016 — Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Vulnerabilidad de liberación de memoria doble en drivers/net/usb/cdc_ncm.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) o posiblemente tener ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2672
https://notcve.org/view.php?id=CVE-2015-2672
02 May 2016 — The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. La implementación de xsave/xrstor en arch/x86/include/asm/xsave.h en el kernel de Linux en versiones anteriores a... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6689 – libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages
https://notcve.org/view.php?id=CVE-2012-6689
02 May 2016 — The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. La función netlink_sendmsg en net/netlink/af_netlink.c en el kernel de Linux en versiones anteriores a 3.5.5 no valida el campo dst_pid, lo que permite a usuarios locales tener un impacto no especificado suplantando mensajes Netlink. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef • CWE-284: Improper Access Control •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2016-3689
https://notcve.org/view.php?id=CVE-2016-3689
02 May 2016 — The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. La función ims_pcu_parse_cdc_data en drivers/input/misc/ims-pcu.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) a través de un dispositivo USB sin interfaz para un... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2016-2854 – AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-2854
02 May 2016 — The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. El módulo aufs para el kernel de Linux 3.x y 4.x no mantiene correctamente datos POSIX ACL xattr, lo que permite a usuarios locales obtener privilegos aprovechando un directorio con permiso de escritura de grupo setgid. AUFS (Ubuntu 15.10) suffers from an allow_userns fuse/xattr user namespaces privilege escalation vuln... • https://www.exploit-db.com/exploits/41761 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-2686
https://notcve.org/view.php?id=CVE-2015-2686
02 May 2016 — net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. net/socket.c en el kernel de Linux 3.19 en versiones anteriores a 3.19.3 no valida ciertos datos de rango para lalmadas de sistema (1) sendto y (2) recvfrom, lo que permite a usuarios locales obtene... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2053 – kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()
https://notcve.org/view.php?id=CVE-2016-2053
02 May 2016 — The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. La función asn1_ber_decoder en lib/asn1_decoder.c en el kernel de Linux en versiones anteriores a 4.3 permite a atacantes provocar una denegación de servicio (pánico) a través de un archivo ASN.1 BER que carece de clave p... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-310: Cryptographic Issues •