CVE-2015-2150
https://notcve.org/view.php?id=CVE-2015-2150
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b
  http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
  http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
  http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
  http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
  http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
  http
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-8159 – kernel: infiniband: uverbs: unprotected physical memory access
https://notcve.org/view.php?id=CVE-2014-8159
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
  http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
  http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
  http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
  http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
  http://lists.opensuse.org/opensuse-security-announce/2015-09/msg0001
• CWE-190: Integer Overflow or Wraparound
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-8173 – kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support
https://notcve.org/view.php?id=CVE-2014-8173
The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.

A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system.

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee53664bda169f519ce3c6a22d378f0b946c8178
  http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
  http://rhn.redhat.com/errata/RHSA-2015-0290.html
  http://rhn.redhat.com/errata/RHSA-2015-0694.html
  https://bugzilla.redhat.com/show_bug.cgi?id=1198457
  https://github.com/torvalds/linux/commit/ee53664bda169f519ce3c6a22d378f0b946c8178
  https://access.redhat.com/security/cve/CVE-2014-8173
• CWE-476: NULL Pointer Dereference
CVE-2014-8172 – kernel: soft lockup on aio
https://notcve.org/view.php?id=CVE-2014-8172
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.

It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system.

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eee5cc2702929fd41cce28058dc6d6717f723f87
  http://rhn.redhat.com/errata/RHSA-2015-0290.html
  http://rhn.redhat.com/errata/RHSA-2015-0694.html
  http://www.openwall.com/lists/oss-security/2015/03/09/3
  https://bugzilla.redhat.com/show_bug.cgi?id=1198503
  https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87
  https://access.redhat.com/security/cve/CVE-2014-8172
• CWE-17: DEPRECATED: Code
CVE-2015-0274 – kernel: xfs: replacing remote attributes memory corruption
https://notcve.org/view.php?id=CVE-2015-0274
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.

A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to an XFS file system mount could potentially use this flaw to escalate their privileges on the system.

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59
  http://rhn.redhat.com/errata/RHSA-2015-0290.html
  http://rhn.redhat.com/errata/RHSA-2015-0694.html
  http://www.securitytracker.com/id/1031853
  http://www.ubuntu.com/usn/USN-2543-1
  http://www.ubuntu.com/usn/USN-2544-1
  https://bugzilla.redhat.com/show_bug.cgi?id=1195248
  https://github.com/torvalds/linux/commit/8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59
  https://access.re
• CWE-19: Data Processing Errors