CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8374 – kernel: Information leak when truncating of compressed/inlined extents on BTRFS
https://notcve.org/view.php?id=CVE-2015-8374
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. fs/btrfs/inode.c en el kernel de Linux en versiones anteriores a 4.3.3 no maneja correctamente extensiones en línea comprimidas, lo que permite a usuarios locales obtener información sensible previa al truncamiento desde un archivo a través de una acción clone. An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded and the number of bytes used by the inode were not correctly decremented, which gave the wrong report for callers of the stat(2) syscall. This wasted metadata space and allowed for the truncated data to be leaked, and data corruption or loss to occur. A caller of the clone ioctl could exploit this flaw by using only standard file-system operations without root access to read the truncated data. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.debian.org/security/2015/dsa-3426 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 http://www.openwall.com/lists/oss-security/2015/11/27/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.co • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8543 – kernel: IPv6 connect causes DoS via NULL pointer dereference
https://notcve.org/view.php?id=CVE-2015-8543
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. La implementación de redes en el kernel de Linux hasta la versión 4.3.3, tal como se utiliza en Android y otros productos, no valida identificadores de protocolo para ciertas familias de protocolos, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero de función NULL y caída de sistema) o posiblemente obtener privilegios mediante el aprovechamiento de soporte CLONE_NEWUSER para ejecutar una aplicación SOCK_RAW manipulada. A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://rhn.redhat.com/errata/RHSA-2016-0855.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http:// • CWE-476: NULL Pointer Dereference •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7884
https://notcve.org/view.php?id=CVE-2015-7884
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. La función vivid_fb_ioctl en drivers/media/platform/vivid/vivid-osd.c en el kernel de Linux hasta la versión 4.3.3 no inicializa cierto miembro de estructura, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una aplicación manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.openwall.com/lists/oss-security/2015/10/21/8 http://www.securityfocus.com/bid/77317 http://www.securitytracker.com/id/1034893 http://www.ubuntu.com/usn/USN-2842-1 http://www.ubuntu.com/usn/USN-2842-2 http://www.ubuntu.com/usn/USN-2843-1 http://www.ubuntu.com/usn/USN&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7885
https://notcve.org/view.php?id=CVE-2015-7885
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. La función dgnc_mgmt_ioctl en drivers/staging/dgnc/dgnc_mgmt.c en el kernel de Linux hasta la versión 4.3.3 no inicializa cierto miembro de estructura, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una aplicación manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05 http://www.openwall.com/lists/oss-security/2015/10/21/8 http://www.securityfocus.com/bid/77317 http://www.securitytracker.com/id/1034896 http://www.ubuntu.com/usn/USN-2841-1 http://www.ubuntu.com/usn/USN-2841-2 http://www.ubuntu.com/usn/USN-2842-1 http://www.ubuntu.com/usn/USN-2842-2 http://www.ubuntu.com/usn/USN-2843-1 http://www.ubun • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2015-4170 – kernel: pty layer race condition on tty ldisc shutdown.
https://notcve.org/view.php?id=CVE-2015-4170
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. Condición de carrera en la función ldsem_cmpxchg en drivers/tty/tty_ldsem.c en el kernel de Linux en versiones anteriores a 3.13-rc4-next-20131218 permite a usuarios locales provocar una denegación de servicio (interbloqueo de ldsem_down_read y ldsem_down_write) estableciendo un nuevo hilo tty durante la desconexión de un hilo tty previo. A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae http://www.openwall.com/lists/oss-security/2015/05/26/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/74820 https://access.redhat.com/errata/RHSA-2016:1395 https://bugzilla.redhat.com/show_bug.cgi?id=1218879 https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae https://www.kernel.org/pub/linu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •