CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2016-7425
https://notcve.org/view.php?id=CVE-2016-7425
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. La función arcmsr_iop_message_xfer en drivers/scsi/arcmsr/arcmsr_hba.c en el kernel de Linux hasta la versión 4.8.2 no restringe una cierta longitud de campo, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) a través de un código de control ARCMSR_MESSAGE_WRITE_WQBUFFER. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167 http://marc.info/?l=linux-scsi&m=147394713328707&w=2 http://marc.info/?l=linux-scsi&m=147394796228991&w=2 http://www.openwall.com/lists/oss-security/2016/09/17/2 http://www.securityfocus.com/bid/93037 http://www.ubuntu.com/usn/USN-3144-1 http://www.ubuntu.com/usn/USN-3144-2 http://www.ubuntu.com/usn/USN-3145-1 http://www.ubuntu.com/usn/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6327 – kernel: infiniband: Kernel crash by sending ABORT_TASK command
https://notcve.org/view.php?id=CVE-2016-6327
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. drivers/infiniband/ulp/srpt/ib_srpt.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) usando un comando ABORT_TASK para abortar una operación de escritura de dispositivo. System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf879bc9ce96590400a87897c7498463 http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1 http://www.openwall.com/lists/oss-security/2016/08/19/5 http://www.securityfocus.com/bid/92549 https://bugzilla.redhat.com/show_bug.cgi?id=1354525 https://github.com/torvalds/linux/commit/51093254bf879bc9c • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8956 – kernel: NULL dereference in RFCOMM bind callback
https://notcve.org/view.php?id=CVE-2015-8956
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. La función rfcomm_sock_bind en net/bluetooth/rfcomm/sock.c en el kernel de Linux en versiones anteriores a 4.2 permite a usuarios locales obtener información sensible o provocar una denegación de servicio (referencia a puntero NULL) a través de vectores relacionados con una llamada de sistema enlazada en un enchufe Bluetooth RFCOMM. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=951b6a0717db97ce420547222647bcc40bf1eacd http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/93326 https://github.com/torvalds/linux/commit/951b6a0717db97ce420547222647bcc40bf1eacd https://access.redhat.com/security/cve/CVE-2015-8956 https://bugzilla.redhat.com/show_bug.cgi?id=1383395 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8950
https://notcve.org/view.php?id=CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. arch/arm64/mm/dma-mapping.c en el kernel de Linux en versiones anteriores a 4.0.3, como es usado en el subsistema ION en Android y otros productos, no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel desencadenando una llamada dma_mmap. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5 http://source.android.com/security/bulletin/2016-10-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3 http://www.securityfocus.com/bid/93318 https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8955
https://notcve.org/view.php?id=CVE-2015-8955
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. arch/arm64/kernel/perf_event.c en el kernel de Linux en versiones anteriores a 4.1 en plataformas arm64 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (puntero de referencia no valido) a través de vectores relacionados con eventos que son manejados incorrectamente durante un lapso de múltiples HW PMUs. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fff105e13041e49b82f92eef034f363a6b1c071 http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/93314 https://github.com/torvalds/linux/commit/8fff105e13041e49b82f92eef034f363a6b1c071 • CWE-264: Permissions, Privileges, and Access Controls •