CVE-2015-7513
https://notcve.org/view.php?id=CVE-2015-7513
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. arch/x86/kvm/x86.c en el kernel de Linux en versiones anteriores a 4.4 no reinicia los valores del contador PIT durante la restauración del estado, lo que permite a usuarios invitados del SO provocar una denegación de servicio (error de división por cero y caída del host del SO) a través del valor cero, relacionado con las funciones kvm_vm_ioctl_set_pit y kvm_vm_ioctl_set_pit2. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html http://www.debian.org/security/2016/dsa-3434 http://www.openwall.com/lists/oss-security/2016/01/07/2 http://www.securityfocus.com/bid/79901 ht • CWE-369: Divide By Zero •
CVE-2015-8660 – Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8660
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. La función ovl_setattr en fs/overlayfs/inode.c en el kernel de Linux hasta la versión 4.3.3 trata de fusionar distintas operaciones setattr, lo que permite a usuarios locales eludir las restricciones destinadas al acceso y modificar los atributos de archivos overlay arbitrarios a través de una aplicación manipulada. • https://www.exploit-db.com/exploits/40688 https://www.exploit-db.com/exploits/39166 https://www.exploit-db.com/exploits/39230 https://github.com/whu-enjoy/CVE-2015-8660 https://github.com/nhamle2/CVE-2015-8660 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html http://lists • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2015-8569
https://notcve.org/view.php?id=CVE-2015-8569
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. Las funciones (1) pptp_bind y (2) pptp_connect en drivers/net/ppp/pptp.c en el kernel de Linux hasta la versión 4.3.3 no verifican la longitud de una dirección, lo que permite a usuarios locales obtener información sensible de la memoria del kernel y eludir el mecanismo de protección KASLR a través de una aplicación manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://twitter.com/grsecurity/statuses/676744240802750464 http://www.debian.org/security/2016/d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-8551
https://notcve.org/view.php?id=CVE-2015-8551
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." El controlador backend PCI en Xen, cuando se ejecuta en un sistema x86 y utiliza Linux 3.1.x hasta la versión 4.3.x como dominio de controlador, permite a administradores locales invitados alcanzar condiciones de BUG y provocar una denegación de servicio (referencia a puntero NULL y caída de SO anfitrión) aprovechando un sistema con acceso a un dispositivo físico PCI capaz de pasar a través de MSI o MSI-X y una secuencia de operaciones XEN_PCI_OP_* manipulada, también conocido como "Linux pciback missing sanity checks". • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-476: NULL Pointer Dereference •
CVE-2013-7446
https://notcve.org/view.php?id=CVE-2013-7446
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. Vulnerabilidad de uso después de la liberación de la memoria en net/unix/af_unix.c en el kernel de Linux en versiones anteriores a 4.3.3 permite a usuarios locales eludir los permisos destinados al socket AF_UNIX o provocar una denegación de servicio (panic) a través de llamadas epoll_ctl manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html http://lists.opensuse.org •