CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8963
https://notcve.org/view.php?id=CVE-2015-8963
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. Condición de carrera en la funcionalidad kernel/events/core.c en el kernel de Linux en versiones anteriores a 4.4 permite a los usuarios locales obtener privilegios o provocar una denegación de servicio al utilizar un manejo incorrecto de una estructura de datos de swevent durante una operación de desenchufado de la CPU. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12ca6ad2e3a896256f086497a7c7406a547ee373 http://source.android.com/security/bulletin/2016-11-01.html http://www.securityfocus.com/bid/94207 https://github.com/torvalds/linux/commit/12ca6ad2e3a896256f086497a7c7406a547ee373 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 2CVE-2016-7910 – kernel: Use after free in seq file
https://notcve.org/view.php?id=CVE-2016-7910
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. Vulnerabilidad de uso después de liberación de memoria en la función disk_seqf_stop en block/genhd.c en el kernel de Linux en versiones anteriores a 4.7.1 permite a usuarios locales obtener privilegios aprovechando la ejecución de una cierta operación de parada incluso si la operación de arranque correspondiente hubiera fallado. A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84 http://source.android.com/security/bulletin/2016-11-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1 http://www.securityfocus.com/bid/94135 https://access.redhat.com/errata/RHSA-2017:0892 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://gi • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-7912
https://notcve.org/view.php?id=CVE-2016-7912
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. Vulnerabilidad de uso después de liberación de memoria en la función ffs_user_copy_worker en drivers/usb/gadget/function/f_fs.c en el kernel de Linux en versiones anteriores a 4.5.3 permite a usuarios locales obtener privilegios accediendo a una estructura de datos I/O despues de cierta devolución de llamada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a http://source.android.com/security/bulletin/2016-11-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3 http://www.securityfocus.com/bid/94197 https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7914 – kernel: assoc_array: don't call compare_object() on a node
https://notcve.org/view.php?id=CVE-2016-7914
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. La función assoc_array_insert_into_terminal_node en lib/assoc_array.c en el kernel de Linux en versiones anteriores a 4.5.3 no comprueba una ranura en una hoja, lo que permite a usuarios locales obtener información sensible de la memoria del núcleo o provocar una denegación de servicio (referencia a un puntero no válido y lectura fuera de rango) a través de una aplicación que utiliza estructuras de datos asociative-array, como lo demuestra el conjunto de pruebas de keyutils. The assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2 http://rhn.redhat.com/errata/RHSA-2016-2574.html http://source.android.com/security/bulletin/2016-11-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3 http://www.securityfocus.com/bid/94138 https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2 https://access.redhat.com/security/cve/CVE-2016-7914 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7916
https://notcve.org/view.php?id=CVE-2016-7916
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. La condición de carrera en la función environ_read en fs / proc / base.c en el kernel de Linux antes de 4.5.4 permite a usuarios locales obtener información sensible de la memoria del kernel leyendo un archivo / proc / * / environ durante un intervalo de tiempo de configuración del proceso cuya copia de variabilidad de entorno es incompleta. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3 http://source.android.com/security/bulletin/2016-11-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4 http://www.securityfocus.com/bid/94138 http://www.ubuntu.com/usn/USN-3159-1 http://www.ubuntu.com/usn/USN-3159-2 https://bugzilla.kernel.org/show_bug.cgi?id=116461 https://forums.grsecurity.net/viewtopic.php?f=3&t=4363 https://gith • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •