CVE-2015-7550
https://notcve.org/view.php?id=CVE-2015-7550
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. La función keyctl_read_key en security/keys/keyctl.c en el kernel de Linux en versiones anteriores a 4.3.4 no utiliza adecuadamente un semáforo, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tiene otro impacto no especificado a través de una aplicación manipulada que aprovecha una condición de carrera entre llamadas keyctl_revoke y keyctl_read. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b4a1b4f5047e4f54e194681125c74c0aa64d637d http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://www.debian.org/security/2016/dsa-3434 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4 http://www.securityfocus.com/bid/79903 http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-8575
https://notcve.org/view.php?id=CVE-2015-8575
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. La función sco_sock_bind en net/bluetooth/sco.c en el kernel de Linux en versiones anteriores a 4.3.4 no verifica la longitud de una dirección, lo que permite a usuarios locales obtener información sensible de la memoria del kernel y eludir el mecanismo de protección KASLR a través de una aplicación manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://www.debian.org/security/2016/dsa-3434 http://www.kernel.org/pub/linux/kernel • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-8709
https://notcve.org/view.php?id=CVE-2015-8709
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here. ** DISPUTADA ** kernel/ptrace.c en el kernel de Linux hasta la versión 4.4.1 no maneja correctamente el mapeo uid y gid, lo que permite a usuarios locales obtener privilegios estableciendo un espacio de nombres de usuario, a la espera de un proceso root para entrar ese espacio de nombres con un uid o gid inseguro, y después utilizando la llamada al sistema ptrace. NOTA: el vendedor afirma "no hay ningún error en el kernel aquí". • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7513
https://notcve.org/view.php?id=CVE-2015-7513
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. arch/x86/kvm/x86.c en el kernel de Linux en versiones anteriores a 4.4 no reinicia los valores del contador PIT durante la restauración del estado, lo que permite a usuarios invitados del SO provocar una denegación de servicio (error de división por cero y caída del host del SO) a través del valor cero, relacionado con las funciones kvm_vm_ioctl_set_pit y kvm_vm_ioctl_set_pit2. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html http://www.debian.org/security/2016/dsa-3434 http://www.openwall.com/lists/oss-security/2016/01/07/2 http://www.securityfocus.com/bid/79901 ht • CWE-369: Divide By Zero •
CVE-2015-7509 – kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system
https://notcve.org/view.php?id=CVE-2015-7509
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. fs/ext4/namei.c en el kernel Linux en versiones anteriores a 3.7 permite a atacantes físicamente próximos provocar una denegación de servicio (caída del sistema) a través de un archivo de sistema no-journal manipulado, un problema relacionado con CVE-2013-2015. A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9b92530a723ac5ef8e352885a1862b18f31b2f5 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://rhn.redhat.com/errata/RHSA-2016-0855.html http://www.securitytracker.com/id/1034559 https://bugzilla.redhat.com/show_bug.cgi?id=1259222 https://bugzilla.su • CWE-20: Improper Input Validation CWE-250: Execution with Unnecessary Privileges •