CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6480 – kernel: scsi: aacraid: double fetch in ioctl_send_fib()
https://notcve.org/view.php?id=CVE-2016-6480
01 Aug 2016 — Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. Condición de carrera en la función ioctl_send_fib en drivers/scsi/aacraid/commctrl.c en el kernel de Linux hasta la versión 4.7 permite a usuarios locales provocar una denegación de servicio (acceso fuera de rango o caída de sistema) cambiand... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2016-2067
https://notcve.org/view.php?id=CVE-2016-2067
11 Jul 2016 — drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993. drivers/gpu/msm/kgsl.c en el controlador de gráficos MSM (también conocido como controlador GPU) para el kernel de Linux 3.x, tal como se utiliza... • https://github.com/hhj4ck/CVE-2016-2067 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9803
https://notcve.org/view.php?id=CVE-2014-9803
11 Jul 2016 — arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020. arch/arm64/include/asm/pgtable.h en el kernel de Linux en versiones anteriores a 3.15-rc5-next-20140519, tal y como se utiliza en Android en versiones anteriores a 2016-07-05 en dispositivos Nexus 5X y 6P, no maneja correctament... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2068
https://notcve.org/view.php?id=CVE-2016-2068
11 Jul 2016 — The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609. El controlador de audio MSM QDSP6 (también conocido como controlador de ... • http://source.android.com/security/bulletin/2016-07-01.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6136 – kernel: Race condition vulnerability in execve argv arguments
https://notcve.org/view.php?id=CVE-2016-6136
04 Jul 2016 — Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability. Condición de carrera en la función audit_log_single_execve_arg en kernel/auditsc.c en el kernel de Linux hasta la versión 4.7 permite a usuarios locales eludir restricciones de set de caracteres intencionados o interrumpir la auditoria de... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6156
https://notcve.org/view.php?id=CVE-2016-6156
04 Jul 2016 — Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability. Condición de carrera en la función ec_device_ioctl_xcmd en drivers/platform/chrome/cros_ec_dev.c en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegación de servicio (acceso al array fuera de ran... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6130
https://notcve.org/view.php?id=CVE-2016-6130
01 Jul 2016 — Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. Condición de carrera en la función sclp_ctl_ioctl_sccb en drivers/s390/char/sclp_ctl.c en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales obtener información sensible de la memoria del kernel cambiando un valor de longitud deter... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6703
https://notcve.org/view.php?id=CVE-2012-6703
29 Jun 2016 — Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. Desbordamiento de entero en la función snd_compr_allocate_buffer en sound/core/compress_offload.c en el subsistema ALSA en el kernel de Linux en versiones anteriores a 3.6-rc... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1237
https://notcve.org/view.php?id=CVE-2016-1237
28 Jun 2016 — nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. nfsd en el kernel de Linux hasta la versión 4.6.3 permite a usuarios locales eludir las restricciones destinadas al permiso de archivo ajustando una POSIX ACL relacionada con nfs2acl.c, nfs3acl.c y nfs4acl.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3070 – kernel: Null pointer dereference in trace_writeback_dirty_page()
https://notcve.org/view.php?id=CVE-2016-3070
28 Jun 2016 — The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. La implementación trace_writeback_dirty_page en include/trace/events/writeback.h en el kernel de Linux en versiones anteriores a 4.4 interactúa incorrectamente con mm/migrate.c, lo que... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743 • CWE-476: NULL Pointer Dereference •