CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 5CVE-2016-8655 – Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-8655
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. Condición de carrera en net/packet/af_packet.c en el kernel de Linux hasta la versión 4.8.12 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) aprovechando la capacidad CAP_NET_RAW de cambiar una versión socket, relacionado con las funciones packet_set_ring y packet_setsockopt. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. • https://www.exploit-db.com/exploits/44696 https://www.exploit-db.com/exploits/40871 https://www.exploit-db.com/exploits/47170 https://github.com/LakshmiDesai/CVE-2016-8655 https://github.com/KosukeShimofuji/CVE-2016-8655 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html http://l • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8970 – kernel: crypto: GPF in lrw_crypt caused by null-deref
https://notcve.org/view.php?id=CVE-2015-8970
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. crypto/algif_skcipher.c en el kernel Linux en versiones anteriores a 4.4.2 no verifica que una operación setkey haya sido llevada a cabo en un enchufe AF_ALG antes de que una llamada de sistema aceptada sea procesada, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULO y caída de sistema) a través de una aplicación manipulada que no aporta una llave, relacionado con la función lrw_crypt en crypto/lrw.c. The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2 http://www.openwall.com/lists/oss-security/2016/11/04/3 http://www.securityfocus.com/bid/94217 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2437 https://access.redhat.com/errata/RHSA-2017:2444 https:// • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9083 – kernel: State machine confusion bug in vfio driver leading to memory corruption
https://notcve.org/view.php?id=CVE-2016-9083
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." drivers/vfio/pci/vfio_pci.c en el kernel Linux hasta la versión 4.8.11 permite a usuarios locales eludir comprobaciones de desbordamiento de enteros, y provocar una denegación de servicio (corrupción de memoria) o tener otro posible impacto no especificado, aprovechando el acceso al archivo de dispositivo vfio PCI para una llamada ioctl VFIO_DEVICE_SET_IRQS, vulnerabilidad también conocida como "state machine confusion bug". A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a http://rhn.redhat.com/errata/RHSA-2017-0386.html http://rhn.redhat.com/errata/RHSA-2017-0387.html http://www.openwall.com/lists/oss-security/2016/10/26/11 http://www.securityfocus.com/bid/93929 https://bugzilla.redhat.com/show_bug.cgi?id=1389258 https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a https://patchwork.kernel.org/patch/9373631 https:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-391: Unchecked Error Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9084 – kernel: Integer overflow when using kzalloc in vfio driver
https://notcve.org/view.php?id=CVE-2016-9084
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. drivers/vfio/pci/vfio_pci_intrs.c en el kernel Linux hasta la versión 4.8.11 usa de forma incorrecta la función kzalloc, lo que permite a usuarios locales provocar una denegación de servicio (desbordamiento de entero) o tener otro posible impacto no especificado aprovechando el acceso al archivo de dispositivo vfio PCI. The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a http://rhn.redhat.com/errata/RHSA-2017-0386.html http://rhn.redhat.com/errata/RHSA-2017-0387.html http://www.openwall.com/lists/oss-security/2016/10/26/11 http://www.securityfocus.com/bid/93930 https://bugzilla.redhat.com/show_bug.cgi?id=1389259 https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a https://patchwork.kernel.org/patch/9373631 https:/&#x • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9178
https://notcve.org/view.php?id=CVE-2016-9178
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. El macro __get_user_asm_ex en arch/x86/include/asm/uaccess.h en el kernel Linux en versiones anteriores a 4.7.5 no inicia ciertas variables de entero, lo que permite a usuarios locales obtener información sensible de la memoria basado en pila del kernel desencadenando un fallo de la llamada get_user_ex. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5 http://www.openwall.com/lists/oss-security/2016/11/04/4 http://www.securityfocus.com/bid/94144 https://bugzilla.redhat.com/show_bug.cgi?id=1391908 https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •