CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-4998 – kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt
https://notcve.org/view.php?id=CVE-2016-4998
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. La implementación de setsockopt IPT_SO_SET_REPLACEIPT_SO_SET_REPLACE en el subsistema de netfilter en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales provocar una denegación de servicio (lectura fuera de límites) o posiblemente obtener información sensible de la memoria dinámica del kernel aprovechando el acceso root en el contenedor para proporcionar un valor de desplazamiento manipulado que lleva a cruzar un conjunto de reglas de un límite blob. An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-1847.html http://rhn.redhat.com/errata/RHSA-2016-1875.html http://rhn.redhat.com/errata/RHSA-2016-1883.html http://rhn.redhat.com/errata/RHSA-2017-0036.html http://www.debian.org/securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-5828 – Kernel: powerpc: tm: crash via exec system call on PPC
https://notcve.org/view.php?id=CVE-2016-5828
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. La función start_thread en arch/powerpc/kernel/process.c en el kernel de Linux hasta la versión 4.6.3 en plataformas powerpc no maneja adecuadamente el estado transaccional, lo que permite a usuarios locales provocar una denegación de servicio (estado de proceso inválido o excepción TM Bad Thing y caída de sistema) o posiblemente tener otro impacto no especificado iniciando y suspendiendo una transacción antes de una llamada de sistema exec. A vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://www.debian.org/security/2016/dsa-3616 http://www.openwall.com/lists/oss-security/2016/06/25/7 http://www.securityfocus.com/bid/91415 http://www.ubuntu.com/usn/USN-3070-1 http://www.ubuntu.com&# • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5728
https://notcve.org/view.php?id=CVE-2016-5728
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. Condición de carrera en la función vop_ioctl en drivers/misc/mic/vop/vop_vringh.c en el controlador MIC VOP en el kernel de Linux en versiones anteriores a 4.6.1 permite a usuarios locales obtener información sensible desde la memoria del kernel o causar una denegación de servicio (corrupción de memoria y caída del sistema) cambiando cierta cabecera, también conocida como vulnerabilidad "double fetch". • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bf292bfca94694a721449e3fd752493856710f6 http://www.debian.org/security/2016/dsa-3616 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1 http://www.securityfocus.com/archive/1/538802/30/0/threaded http://www.ubuntu.com/usn/USN-3070-1 http://www.ubuntu.com/usn/USN-3070-2 http://www.ubuntu.com/usn/USN-3070-3 http://www.ubuntu.com/usn/USN-3070-4 http://www.ubuntu.com/u • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5243
https://notcve.org/view.php?id=CVE-2016-5243
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. La función tipc_nl_compat_link_dump en net/tipc/netlink_compat.c en el kernel de Linux hasta la versión 4.6.3 no copia adecuadamente una cierta cadena, lo que permite a usuarios locales obtener información sensible de la memoria de pila del kernel leyendo un mensaje Netlink. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d2be1422e02ccd697ccfcd45c85b4a26e6178e2 http://www.debian.org/security/2016/dsa-3607 http://www.openwall.com/lists/oss-security/2016/06/03/4 http://www.securityfocus.com/bid/91334 http://www.ubuntu.com/usn/USN-3049-1 http://www.ubuntu.com/usn/USN-3050-1 http://www.ubuntu.com/usn/USN-3051-1 http://www.ubuntu.com/usn/USN-3052-1 http://www.ubuntu.com/usn/USN-3053-1 http:// • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-9904
https://notcve.org/view.php?id=CVE-2014-9904
The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. La función snd_compress_check_input en sound/core/compress_offload.c en el subsistema ALSA en el kernel de Linux en versiones anteriores a 3.17 no comprueba correctamente un desbordamiento de enteros, lo que permite a usuarios locales provocar una denegación de servicio (insuficiente asignación de memoría) o posiblemente tener otros impactos no especificados a través de una llamada SNDRV_COMPRESS_SET_PARAMS ioctl manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://www.debian.org/security/2016/dsa-3616 http://www.securityfocus.com/bid/91510 http://www.securitytracker.com/id/1036189 https://github.com/torvalds/linux/c •