CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2015-2041
https://notcve.org/view.php?id=CVE-2015-2041
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. net/llc/sysctl_net_llc.c en el kernel de Linux anterior a 3.19 utiliza un tipo de datos incorrecto en una tabla sysctl, lo que permite a usuarios locales obtener información sensible de la memoria del kernel o posiblemente tener otro impacto no especificado mediante el acceso a una entrada sysctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://www.debian.org/security/2015/dsa-3237 http://www.openwall.com/lists/oss-secu • CWE-17: DEPRECATED: Code •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0777
https://notcve.org/view.php?id=CVE-2015-0777
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. drivers/xen/usbback/usbback.c en linux-2.6.18-xen-3.4.0 (también conocido como los parches de soporte Xen 3.4.x para el kernel de Linux 2.6.18), utilizado en el kernel de Linux 2.6.x y 3.x en SUSE Linux distributions, permite a usuarios del sistema operativo invitado obtener información sensible de localizaciones no inicializadas en la memoria del kernel del sistema operativo anfitrión a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://www.securityfocus.com/bid/73921 https://bugzilla.novell.com/show_bug.cgi?id=917830 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 32EXPL: 0CVE-2015-2150
https://notcve.org/view.php?id=CVE-2015-2150
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Xen 3.3.x hasta la versión 4.5.x y en el kernel de Linux hasta la versión 3.19.1 no restringe adecuadamente el acceso al registro de comandos PCI, lo que podría permitir a usuarios locales del SO invitados provocar una denegación de servicio (interrupción no enmascarable y caída del host) deshabilitando (1) la memoria o (2) la descodificación I/O para un dispositivo PCI Express posteriormente accediendo al dispositivo, lo que desencadena una respuesta Unsupported Request (UR). • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html http • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 0CVE-2014-8159 – kernel: infiniband: uverbs: unprotected physical memory access
https://notcve.org/view.php?id=CVE-2014-8159
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. La implementación InfiniBand (IB) en el paquete del kernel de Linux anterior a 2.6.32-504.12.2 en Red Hat Enterprise Linux (RHEL) 6 no restringe adecuadamente el uso de User Verbs para el registro de regiones de memoria, lo que permite a usaurios locales acceder de forma arbitraria a ubicaciones de la memoria física, y consecuentemente causar una denegación de servicio (caída del sistema) u obtener privilegios, aprovechando permisos en un dispositivo uverbs bajo /dev/infiniband/. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg0001 • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8172 – kernel: soft lockup on aio
https://notcve.org/view.php?id=CVE-2014-8172
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations. La implementación del sistema de fichero en el Kernel de Linux anterior a 3.13 realizar ciertas operaciones en listas de archivos con un inapropiado bloqueo, lo que permite a usuarios locales causar una denegación de servicio (bloqueo blando 'soft lockup' o caída del sistema) a través del uso de operaciones Asynchronous I/O (AIO) no especificadas. It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eee5cc2702929fd41cce28058dc6d6717f723f87 http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-0694.html http://www.openwall.com/lists/oss-security/2015/03/09/3 https://bugzilla.redhat.com/show_bug.cgi?id=1198503 https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87 https://access.redhat.com/security/cve/CVE-2014-8172 • CWE-17: DEPRECATED: Code •