CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2016-6516
https://notcve.org/view.php?id=CVE-2016-6516
Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability. Condición de carrera en la función ioctl_file_dedupe_range en fs/ioctl.c en el kernel de Linux hasta la versión 4.7 permite a usuarios locales provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) o posiblemente obtener privilegios cambiando un cierto valor de recuento, también conocido como una vulnerabilidad de "doble recuperación". • https://github.com/wpengfei/CVE-2016-6516-exploit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10eec60ce79187686e052092e5383c99b4420a20 http://www.openwall.com/lists/oss-security/2016/07/31/6 http://www.securityfocus.com/bid/92259 https://bugzilla.redhat.com/show_bug.cgi?id=1362457 https://github.com/torvalds/linux/commit/10eec60ce79187686e052092e5383c99b4420a20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 1CVE-2016-5696 – kernel: challenge ACK counter information disclosure.
https://notcve.org/view.php?id=CVE-2016-5696
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758 http://rhn.redhat.com/errata/RHSA-2016-1631.html http://rhn.redhat.com/errata/RHSA-2016-1632.html http://rhn.redhat.com/errata/RHSA-2016-1633.html http://rhn.redhat.com/errata/RHSA-2016-1657.html http://rhn.redhat.com/errata/RHSA-2016-1664.html http://rhn.redhat.com/errata/RHSA-2016-1814.html http://rhn.redhat.com/errata/RHSA-2016-1815.html http://rhn. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6197 – kernel: overlayfs: missing upper dentry verification before unlink and rename
https://notcve.org/view.php?id=CVE-2016-6197
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. fs/overlayfs/dir.c en la implementación del sistema de archivos OverlayFS en el kernel de Linux en versiones anteriores a 4.6 no verifica adecuadamente la dentry superior antes de proceder con el procesamiento de desconexión y cambio de nombre de llamadas al sistema, lo que permite a usuarios locales provocar una denegación del servicio (caída de sistema) a través de una llamada al sistema cambiada de nombre que especifica un self-hardlink. It was found that the unlink and rename functionality in overlayfs did not verify the upper dentry for staleness. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to panic or crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=11f3710417d026ea2f4fcf362d866342c5274185 http://rhn.redhat.com/errata/RHSA-2016-1847.html http://rhn.redhat.com/errata/RHSA-2016-1875.html http://www.openwall.com/lists/oss-security/2016/07/11/8 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/91709 http://www.securitytracker. • CWE-20: Improper Input Validation CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9900
https://notcve.org/view.php?id=CVE-2014-9900
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754. La función ethtool_get_wol en net/core/ethtool.c en el kernel de Linux hasta la versión 4.7, como se usa en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 5 y 7 (2013), no inicializa una cierta estructura de datos, lo que permite a usuarios locales obtener información sensible a través de una aplicación manipulada, también conocido como error interno de Android 28803952 y error interno de Qualcomm CR570754. • http://source.android.com/security/bulletin/2016-08-01.html http://www.securityfocus.com/bid/92222 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8944
https://notcve.org/view.php?id=CVE-2015-8944
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. La función ioresources_init en kernel/resource.c en el kernel de Linux hasta la versión 4.7, como se usa en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 6 y 7 (2013), usa permisos débiles para /proc/iomem, lo que permite a usuarios locales obtener información sensible leyendo este archivo, también conocido como error interno de Android 28814213 y error interno de Qualcomm CR786116. NOTA: los permisos pueden ser intencionales en la mayoría de contextos distintos de Android. • http://source.android.com/security/bulletin/2016-08-01.html http://www.openwall.com/lists/kernel-hardening/2016/04/06/22 http://www.securityfocus.com/bid/92222 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •