CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2059
https://notcve.org/view.php?id=CVE-2016-2059
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls. La función msm_ipc_router_bind_control_port en net/ipc_router/ipc_router_core.c en el módulo del kernel IPC router para el kernel de Linux 3.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no verifica que un puerto es un puerto de cliente, lo que permite a atacantes obtener privilegios o provocar una denegación de servicio (condición de carrera y corrupción de lista) haciendo muchas llamadas ioctl BIND_CONTROL_PORT. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/90230 http://www.securitytracker.com/id/1035765 https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=9e8bdd63f7011dff5523ea435433834b3702398d https://www.codeaurora.org/projects/security-advisories/linux-ipc-router-binding-any-port-control-port-cve-2016-2059 • CWE-269: Improper Privilege Management •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2016-2187
https://notcve.org/view.php?id=CVE-2016-2187
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función gtco_probe en drivers/input/tablet/gtco.c en el kernel de Linux hasta la versión 4.5.2 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de dispositivos finales manipulado en un descriptor de dispositivo USB. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://www.debian.org/security/2016/dsa-3607 http://www.securityfocus.com/bid/85425 http://www.ubuntu.com/usn/USN-2989-1 http://www.ubuntu.com/usn/USN-2996-1 http://www.ubuntu.com/usn/USN-2997-1 http://www.ubuntu •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-8746 – kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client
https://notcve.org/view.php?id=CVE-2015-8746
fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. fs/nfs/nfs4proc.c en el cliente NFS en el kernel de Linux en versiones anteriores a 4.2.2 no inicializa memoria correctamente para operaciones de recuperación de migración, lo que permite a servidores NFS remotos provocar una denegación de servicio (referencia a puntero NULL y pánico) a través de tráfico de red manipulado. A NULL pointer dereference flaw was found in the Linux kernel: the NFSv4.2 migration code improperly initialized the kernel structure. A local, authenticated user could use this flaw to cause a panic of the NFS client (denial of service). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=18e3b739fdc826481c6a1335ce0c5b19b3d415da http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.2 http://www.openwall.com/lists/oss-security/2016/01/05/9 http://www.securitytracker.com/id/1034594 https://bugzilla.redhat.com/show_bug.cgi?id=1295802 https://github.com/torvalds/linux/commit/18e3b739fdc826 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4176
https://notcve.org/view.php?id=CVE-2015-4176
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. fs/namespace.c en el kernel de Linux en versiones anteriores a 4.0.2 no soporta correctamente conectividad de montaje, lo que permite a usuarios locales leer archivos arbitrarios aprovechando acceso root al espacio de nombres de usuario para eliminar un archivo o directorio. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2 http://www.openwall.com/lists/oss-security/2015/06/04/5 https://bugzilla.redhat.com/show_bug.cgi?id=1249442 https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2053 – kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()
https://notcve.org/view.php?id=CVE-2016-2053
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. La función asn1_ber_decoder en lib/asn1_decoder.c en el kernel de Linux en versiones anteriores a 4.3 permite a atacantes provocar una denegación de servicio (pánico) a través de un archivo ASN.1 BER que carece de clave pública, llevando a un manejo incorrecto por la función public_key_verify_signature en crypto/asymmetric_keys/public_key.c. A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature() function (crypto/asymmetric_keys/public_key.c), to cause a kernel panic and crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org • CWE-228: Improper Handling of Syntactically Invalid Structure CWE-310: Cryptographic Issues •