CVE-2016-4485
https://notcve.org/view.php?id=CVE-2016-4485
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. La función llc_cmsg_rcv en net/llc/af_llc.c en el kernel de Linux en versiones anteriores a 4.5.5 no inicializa una estructura de datos determinada, lo que permite a atacantes obtener información sensible del kernel de memoria de pila leyendo un mensaje. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://www.debian.org/security/2016/dsa-3607 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 http://www.openwall.com/lists/oss-security/2016/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-4482
https://notcve.org/view.php?id=CVE-2016-4482
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. La función proc_connectinfo en drivers/usb/core/devio.c en el kernel de Linux hasta la versión 4.6 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través de una llamada USBDEVFS_CONNECTINFO ioctl manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-4951
https://notcve.org/view.php?id=CVE-2016-4951
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. La función tipc_nl_publ_dump en net/tipc/socket.c en el kernel de Linux hasta la versión 4.6 no verifica la existencia del socket, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) o posiblemente tener otro impacto no especificado a través de una operación dumpit. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45e093ae2830cd1264677d47ff9a95a71f5d9f9c http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.openwall.net/netdev/2016/05/14/28 http://www.openwall.com/lists/oss-security/2016/05/21/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.ubuntu.com/usn/USN-3016-1 http •
CVE-2016-4581 – kernel: Slave being first propagated copy causes oops in propagate_mnt
https://notcve.org/view.php?id=CVE-2016-4581
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. fs/pnode.c en el kernel de Linux en versiones anteriores a 4.5.4 no cruza adecuadamente la propagación del montaje de árbol en un determinado caso implicando un montaje esclavo, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y OOPS) a través de una serie de llamadas de soporte manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.debian.org/security/2016/dsa-3607 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4 http://www.openwall.com/lists/oss-security/2016/05/11/2 http://www.oracle.com/ • CWE-476: NULL Pointer Dereference •
CVE-2016-4913 – kernel: Information leak when handling NM entries containing NUL
https://notcve.org/view.php?id=CVE-2016-4913
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. La función get_rock_ridge_filename en fs/isofs/rock.c en el kernel de Linux en versiones anteriores a 4.5.5 no maneja correctamente entradas NM (también conocidas como alternate name) que contienen caracteres \0, lo que permite a usuarios locales obtener información sensible del kernel de memoria o posiblemente tener otro impacto no especificado a través de un sistema de archivo isofs manipulado. A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://www.debian.org/security/2016/dsa-3607 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 http://www.openwall.com/lists/oss-security/2016/05/18/3 http://www.openwall.com/lists/oss-security/2016/05/18/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •