CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 1CVE-2014-9585 – kernel: ASLR bruteforce possible for vdso library
https://notcve.org/view.php?id=CVE-2014-9585
09 Jan 2015 — The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. La función vdso_addr en arch/x86/vdso/vma.c en el kernel de Linux hasta 3.18.2 no elige correctamente localizaciones de memoria para la área vDSO, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la adivinación de ... • http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2 •
CVSS: 7.8EPSS: 8%CPEs: 3EXPL: 0CVE-2014-9428
https://notcve.org/view.php?id=CVE-2014-9428
02 Jan 2015 — The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. La función batadv_frag_merge_packets en net/batman-adv/fragmentation.c en la implementación B.A.T.M.A.N. en el kernel de Linux hasta 3.18.1 utiliza un campo de longitud incorrecto duran... • http://bugs.debian.org/774155 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9419 – kernel: partial ASLR bypass through TLS base addresses leak
https://notcve.org/view.php?id=CVE-2014-9419
26 Dec 2014 — The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. La función The __switch_to en arch/x86/kernel/process_64.c en el Kernel de Linux a través de 3.18.1 no asegura que los descriptores Thread Local Storage (TLS) se carguen antes de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f647d7c155f069c1a068030255c300663516420e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9420 – Kernel: fs: isofs: infinite loop in CE record entries
https://notcve.org/view.php?id=CVE-2014-9420
26 Dec 2014 — The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. La función rock_continue en fs/isofs/rock.c en el Kernel de Linux a través de 3.18.1 no limita el número entradas de Rock Ridge, lo que permite a usuarios locales causar una denegación de servicio (vuelvas infinitas, y caída o cuelgue del si... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 5CVE-2014-4322 – Nexus 5 Android 5.0 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4322
24 Dec 2014 — drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application. drivers/misc/qseecom.c en el driver QSEECOM del Kernel de Linux 3.x utilizada en las contribuciones de Android Qualcomm Innovation Center (Q... • https://www.exploit-db.com/exploits/35711 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 434EXPL: 0CVE-2014-8133 – kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS
https://notcve.org/view.php?id=CVE-2014-8133
17 Dec 2014 — arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. arch/x86/kernel/tls.c en la implementación Thread Local Storage (TLS) en el kernel de Linux hasta 3.18.1 permite a usuarios locales evadir el mecanismo de ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=41bdc78544b8a93a9c6814b8bbbfef966272abbe • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 4CVE-2014-9322 – Linux Kernel - 'BadIRET' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9322
16 Dec 2014 — arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. arch/x86/kernel/entry_64.S en el kernel de Linux anterior a 3.17.5 no maneja correctamente los fallos asociados con el registro de segmento Stack Segment (SS), lo que permite a usuarios locales ganar privilegios mediante... • https://www.exploit-db.com/exploits/44205 • CWE-269: Improper Privilege Management CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 1CVE-2014-8134 – kernel: x86: espfix not working for 32-bit KVM paravirt guests
https://notcve.org/view.php?id=CVE-2014-8134
12 Dec 2014 — The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. La función paravirt_ops_setup en arch/x86/kernel/kvm.c en el kernel de Linux hasta 3.18 utiliza una configuración paravirt_enabled indebida para los kernels KVM invitados, lo que facilita a usuarios invitados del sistema op... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4323
https://notcve.org/view.php?id=CVE-2014-4323
12 Dec 2014 — The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application. La función mdp_lut_hw_update en drivers/video/msm/mdp.c en el controlador de la pantalla de MDP para el kernel de Linux 3.x, utilizada en las contribuciones d... • https://github.com/marcograss/cve-2014-4323 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5313 – kernel: kvm: reporting emulation failures to userspace
https://notcve.org/view.php?id=CVE-2010-5313
30 Nov 2014 — Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. Condición de carrera en arch/x86/kvm/x86.c en el kernel de Linux anterior a 2.6.38 permite a usuarios del sistema operativo L2 invitado causar una denegación de servicio (caída del sistema operativo L1 invitado) a través de una instrucción manipulada que provoc... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc3a9157d3148ab91039c75423da8ef97be3e105 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •