CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9120
https://notcve.org/view.php?id=CVE-2016-9120
Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. Condición de carrera en la función ion_ioctl en drivers/staging/android/ion/ion.c en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) llamando a ION_IOC_FREE en dos CPUs al mismo tiempo. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 http://source.android.com/security/bulletin/2016-12-01.html http://www.securityfocus.com/bid/94669 https://github.com/torvalds/linux/commit/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8966
https://notcve.org/view.php?id=CVE-2015-8966
arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. arch/arm/kernel/sys_oabi-compat.c en el kernel de Linux en versiones anteriores a 4.4 permite a usuarios locales obtener privilegios a través de un comando (1) F_OFD_GETLK, (2) F_OFD_SETLK o (3) F_OFD_SETLKW manipulado en una llamada de sistema fcntl64. • http://source.android.com/security/bulletin/2016-12-01.html http://www.securityfocus.com/bid/94673 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=76cc404bfdc0d419c720de4daaf2584542734f42 https://github.com/torvalds/linux/commit/76cc404bfdc0d419c720de4daaf2584542734f42 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 5CVE-2016-8655 – Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-8655
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. Condición de carrera en net/packet/af_packet.c en el kernel de Linux hasta la versión 4.8.12 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) aprovechando la capacidad CAP_NET_RAW de cambiar una versión socket, relacionado con las funciones packet_set_ring y packet_setsockopt. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. • https://www.exploit-db.com/exploits/44696 https://www.exploit-db.com/exploits/40871 https://www.exploit-db.com/exploits/47170 https://github.com/LakshmiDesai/CVE-2016-8655 https://github.com/KosukeShimofuji/CVE-2016-8655 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html http://l • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 0CVE-2016-8633 – kernel: Buffer overflow in firewire driver via crafted incoming packets
https://notcve.org/view.php?id=CVE-2016-8633
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. drivers/firewire/net.c en el kernel Linux en versiones anteriores a 4.8.7, en ciertas configuraciones de hardware no usuales, permite a atacantes remotos ejecutar un código arbitrario a través de paquetes fragmentados manipulados. A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7 http://www.openwall.com/lists/oss-security/2016/11/06/1 http://www.securityfocus.com/bid/94149 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9191
https://notcve.org/view.php?id=CVE-2016-9191
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. La implementación offline cgroup en el kernel Linux hasta la versión 4.8.11 maneja incorrectamente ciertas operaciones drain, lo que permite a usuarios locales provocar una denegación de servicio (colgado de sistema) aprovechando el acceso al contenedor de ambiente para ejecutar una aplicación manipulada, como es demostrado por trinity. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939 http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2016/11/05/4 http://www.securityfocus.com/bid/94129 https://bugzilla.redhat.com/show_bug.cgi?id=1392439 https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •