CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4167
https://notcve.org/view.php?id=CVE-2015-4167
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. Vulnerabilidad en la función udf_read_inode en fs/udf/inode.c en el kernel de Linux en versiones anteriores a 3.19.1, no valida determinados valores de longitud, lo que permite a usuarios locales provocar una denegación de servicio (representación de datos incorrecta o desbordamiento de enteros y OOPS) a través de un sistema de archivos UDF manipulado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://www.debian.org/security/2015/dsa-3290 http://www.debian.org/security/2015/dsa-3313 • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 1CVE-2015-4036
https://notcve.org/view.php?id=CVE-2015-4036
Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. Vulnerabilidad de error de índice de Array en la función tcm_vhost_make_tpg en drivers/vhost/scsi.c en el kernel de Linux en versiones anteriores a 4.0, puede permitir a usuarios invitados del SO causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una llamada ioctl VHOST_SCSI_SET_ENDPOINT manipulada. NOTA: la función afectada fue renombrada como vhost_scsi_make_tpg antes del anuncio de la vulnerabilidad. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://www.openwall.com/lists/oss-security/2015/05/13/4 http://www.securityfocus.com/bid/74664 http://www.securitytracker.com/id/1033729 http://www.ubuntu.com/usn/USN-2633-1 http://www.ubuntu.com/usn/USN-2634-1 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0275 – kernel: fs: ext4: fallocate zero range page size > block size BUG()
https://notcve.org/view.php?id=CVE-2015-0275
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. La función ext4_zero_range en fs/ext4/extents.c en el kernel de Linux en versiones anteriores a 4.1 permite a usuarios locales provocar una denegación de servicio (BUG) a través de una petición de rango cero a fallocate manipulada. A flaw was found in the way the Linux kernel's ext4 file system handled the "page size > block size" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2af21aae11972fa924374ddcf52e88347cf5a8 http://rhn.redhat.com/errata/RHSA-2015-1778.html http://rhn.redhat.com/errata/RHSA-2015-1787.html http://www.openwall.com/lists/oss-security/2015/02/23/14 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/75139 http://www.securitytracker.com/id/1034454 http://www.spinics.net/lists/linux-ext4/msg47193.html ht • CWE-17: DEPRECATED: Code •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 2CVE-2015-3636 – kernel: ping sockets: use-after-free leading to local privilege escalation
https://notcve.org/view.php?id=CVE-2015-3636
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. Vulnerabilidad en la función ping_unhash en net/ipv4/ping.c en el kernel de Linux en versiones anteriores a 4.0.3, no inicializa una cierta estructura de datos de lista durante una operación unhash, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (uso después de liberación de memoria y caída del sistema) mediante el aprovechamiento de la capacidad de hacer una llamada a un socket de sistema SOCK_DGRAM para el protocolo IPROTO_ICMP o IPROTO_ICMPV6 y entonces hacer una llamada al sistema de conexión tras una desconexión. It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. • https://github.com/fi01/CVE-2015-3636 https://github.com/a7vinx/CVE-2015-3636 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http&# • CWE-416: Use After Free •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 0CVE-2015-4001
https://notcve.org/view.php?id=CVE-2015-4001
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. Error de signo de enteros en la función oz_hcd_get_desc_cnf en drivers/staging/ozwpan/ozhcd.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 permite a atacantes remotos causar una denegación de servicio (caída de sistema) o posiblemente ejecutar código arbitrario a través de un paquete manipulado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://openwall.com/lists/oss-security/2015/06/05/7 http://www.securityfocus.com/bid/74672 http://www.ubuntu.com/usn/USN-2665-1 http://www.ubuntu.com/usn/USN-2667-1 https://github.com/torvalds/linux/commit/b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c • CWE-189: Numeric Errors •