CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8632
https://notcve.org/view.php?id=CVE-2016-8632
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. La función tipc_msg_build en net/tipc/msg.c en el kernel Linux hasta la versión 4.8.11 no valida la relación entre la longitud mínima de fragmento y el tamaño máximo de paquete, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) aprovechando la capacidad CAP_NET_ADMIN. • http://www.openwall.com/lists/oss-security/2016/11/08/5 http://www.securityfocus.com/bid/94211 https://bugzilla.redhat.com/show_bug.cgi?id=1390832 https://www.mail-archive.com/netdev%40vger.kernel.org/msg133205.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 43%CPEs: 7EXPL: 0CVE-2016-9555 – kernel: Slab out-of-bounds access in sctp_sf_ootb()
https://notcve.org/view.php?id=CVE-2016-9555
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. La función sctp_sf_ootb en net/sctp/sm_statefuns.c en el kernel Linux en versiones anteriores a 4.8.8 carece de comprobación de longitud de fragmento para el primer fragmento, lo que permite a atacantes remotos provocar una denegación de servicio (acceso slab fuera de límites) o tener otro posible impacto no especificado a través de datos SCTP manipulados. A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html http://lists.opensuse.org • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 0CVE-2016-8633 – kernel: Buffer overflow in firewire driver via crafted incoming packets
https://notcve.org/view.php?id=CVE-2016-8633
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. drivers/firewire/net.c en el kernel Linux en versiones anteriores a 4.8.7, en ciertas configuraciones de hardware no usuales, permite a atacantes remotos ejecutar un código arbitrario a través de paquetes fragmentados manipulados. A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7 http://www.openwall.com/lists/oss-security/2016/11/06/1 http://www.securityfocus.com/bid/94149 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8964
https://notcve.org/view.php?id=CVE-2015-8964
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. La función tty_set_termios_ldisc en drivers/tty/tty_ldisc.c enel kernel de Linux en versiones anteriores a 4.5 permite a los usuarios locales obtener información sensible de la memoria del kernel mediante la lectura de una estructura de datos tty. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc http://source.android.com/security/bulletin/2016-11-01.html http://www.securityfocus.com/bid/94138 https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-7913 – kernel: media: use-after-free in [tuner-xc2028] media driver
https://notcve.org/view.php?id=CVE-2016-7913
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. La función xc2028_set_config en drivers/media/tuners/tuner-xc2028.c en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) mediante vectores que implican la omisión del nombre de firmware de una determinada estructura de datos. The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 http://source.android.com/security/bulletin/2016-11-01.html http://www.securityfocus.com/bid/94201 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 https://usn&# • CWE-416: Use After Free •