CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5546 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2017-5546
06 Feb 2017 — The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. La característica de freelist-randomization en mm/slab.c en el kernel 4.8.x de Linux y 4.9.x en versiones anteriores a 4.9.5 permite a usuarios locales provocar una denegación de ser... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-10150 – Ubuntu Security Notice USN-3190-1
https://notcve.org/view.php?id=CVE-2016-10150
03 Feb 2017 — Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. Vulnerabilidad de uso después de liberación de memoria en la función kvm_ioctl_create_device en virt/kvm/kvm_main.c en el kernel de Linux en versiones anteriores a 4.8.13 permite a usuarios del SO anfitrión provocar una denegación de servicio (... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5206 – Gentoo Linux Security Advisory 201701-62
https://notcve.org/view.php?id=CVE-2017-5206
24 Jan 2017 — Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. Firejail en versiones anteriores a 0.9.44.4, cuando se ejecuta en un Linux kernel en versiones anteriores a 4.8, permite a atacantes dependientes del contexto evitar un mecanismo seccomp-based de protección de sandbox a través del argumento --allow-debuggers. Multiple vulnerabilities have been discovered in Firejail... • http://www.openwall.com/lists/oss-security/2017/01/07/5 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10147 – kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm
https://notcve.org/view.php?id=CVE-2016-10147
18 Jan 2017 — crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). crypto/mcryptd.c en el kernel de Linux en versiones anteriores a 4.8.15 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) usando un socket AF_ALG con un algoritmo incompatible, según lo demostrado por mcryptd(md5). Al... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2584 – Kernel: kvm: use after free in complete_emulated_mmio
https://notcve.org/view.php?id=CVE-2017-2584
15 Jan 2017 — arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. arch/x86/kvm/emulate.c en el kernel de Linux hasta la versión 4.9.3 permite a usuarios locales obtener información sensible de memoria del kernel o provocar una denegación de servicio (uso después de liberación de memoria) a través de una ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8466
https://notcve.org/view.php?id=CVE-2016-8466
12 Jan 2017 — An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31822524. • http://www.securityfocus.com/bid/95242 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8452
https://notcve.org/view.php?id=CVE-2016-8452
12 Jan 2017 — An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. • http://www.securityfocus.com/bid/95275 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8473
https://notcve.org/view.php?id=CVE-2016-8473
12 Jan 2017 — An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790. • http://www.securityfocus.com/bid/95233 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8450
https://notcve.org/view.php?id=CVE-2016-8450
12 Jan 2017 — An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. • http://www.securityfocus.com/bid/95269 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8415
https://notcve.org/view.php?id=CVE-2016-8415
12 Jan 2017 — An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. • http://www.securityfocus.com/bid/95260 • CWE-284: Improper Access Control •