CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9083 – kernel: State machine confusion bug in vfio driver leading to memory corruption
https://notcve.org/view.php?id=CVE-2016-9083
28 Nov 2016 — drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." drivers/vfio/pci/vfio_pci.c en el kernel Linux hasta la versión 4.8.11 permite a usuarios locales eludir comprobaciones de desbordamiento de enteros, y provocar una denegación de servicio ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-391: Unchecked Error Condition •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8646 – kernel: Oops in shash_async_export()
https://notcve.org/view.php?id=CVE-2016-8646
28 Nov 2016 — The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. La función hash_accept en crypto/algif_hash.c en el kernel Linux en versiones anteriores a 4.3.6 permite a usuarios locales provocar una denegación de servicio (OOPS) intentando desencadenar el uso de algoritmos hash in-kernel para un enchufe que ha recibido cero byt... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45 • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9313 – Ubuntu Security Notice USN-3162-1
https://notcve.org/view.php?id=CVE-2016-9313
28 Nov 2016 — security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. security/keys/big_key.c en el kernel Linux en versiones anteriores a 4.8.7 maneja incorrectamente un registro criptográfico no exitoso en conjunción con un registro ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8650 – kernel: Null pointer dereference via keyctl
https://notcve.org/view.php?id=CVE-2016-8650
28 Nov 2016 — The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. La función mpi_powm en lib/mpi/mpi-pow.c en el kernel Linux hasta la versión 4.8.11 no se asegura que la memoria esté alojada para datos limb, lo que permite a usuarios locales provocar una denegación de servicio (corrupción... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8632 – Ubuntu Security Notice USN-3312-2
https://notcve.org/view.php?id=CVE-2016-8632
28 Nov 2016 — The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. La función tipc_msg_build en net/tipc/msg.c en el kernel Linux hasta la versión 4.8.11 no valida la relación entre la longitud mínima de fragmento y el tamaño máximo de paquete, lo que ... • http://www.openwall.com/lists/oss-security/2016/11/08/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 43%CPEs: 7EXPL: 0CVE-2016-9555 – kernel: Slab out-of-bounds access in sctp_sf_ootb()
https://notcve.org/view.php?id=CVE-2016-9555
28 Nov 2016 — The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. La función sctp_sf_ootb en net/sctp/sm_statefuns.c en el kernel Linux en versiones anteriores a 4.8.8 carece de comprobación de longitud de fragmento para el primer fragmento, lo que permite a atacantes remotos provocar una d... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8970 – kernel: crypto: GPF in lrw_crypt caused by null-deref
https://notcve.org/view.php?id=CVE-2015-8970
28 Nov 2016 — crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. crypto/algif_skcipher.c en el kernel Linux en versiones anteriores a 4.4.2 no verifica que una operación setkey haya sido llevada ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7917 – Ubuntu Security Notice USN-3312-2
https://notcve.org/view.php?id=CVE-2016-7917
16 Nov 2016 — The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. La función nfnetlink_rcv_batch en net / netfilter / nfnetlink.c en el kernel de Linux en versiones anteriores a 4.5 no comprueba si el campo de longitud de un me... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c58d6c93680f28ac58984af61d0a7ebf4319c241 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 2CVE-2016-7910 – kernel: Use after free in seq file
https://notcve.org/view.php?id=CVE-2016-7910
16 Nov 2016 — Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. Vulnerabilidad de uso después de liberación de memoria en la función disk_seqf_stop en block/genhd.c en el kernel de Linux en versiones anteriores a 4.7.1 permite a usuarios locales obtener privilegios aprovechando la ejecución de una cierta operación de... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8963 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2015-8963
16 Nov 2016 — Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. Condición de carrera en la funcionalidad kernel/events/core.c en el kernel de Linux en versiones anteriores a 4.4 permite a los usuarios locales obtener privilegios o provocar una denegación de servicio al utilizar un manejo incorrecto de una estructura de datos de... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12ca6ad2e3a896256f086497a7c7406a547ee373 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •