CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2666 – kernel: execution in the early microcode loader
https://notcve.org/view.php?id=CVE-2015-2666
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. Desbordamiento de buffer basado en pila en la función get_matching_model_microcode en arch/x86/kernel/cpu/microcode/intel_early.c en el kernel de Linux anterior a 4.0 permite a atacantes dependientes de contexto ganar privilegios mediante la construcción de una cabecera de microcódigo manipulada y el aprovechamiento de privilegios root para acceso de escritura al initrd. A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html http://rhn.redhat.com/errata/RHSA-2015-1534.html http://www.openwall.com/lists/oss-security/2015/03/20/18 http://www.securitytracker.com/id/1032414 https://bugzilla.redhat.com/show_bug.cgi?id=1204722 https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 https://access.redha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 1%CPEs: 9EXPL: 2CVE-2015-2922 – kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
https://notcve.org/view.php?id=CVE-2015-2922
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La función ndisc_router_discovery en net/ipv6/ndisc.c en la implementación de protocolo Neighbor Discovery (ND) en la pila IPv6 en el kernel de Linux anterior a 3.19.6 permite a atacantes remotos reconfigurar una configuración 'hop-limit' a través de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http:&# • CWE-17: DEPRECATED: Code CWE-454: External Initialization of Trusted Variables or Data Stores •
CVSS: 2.1EPSS: 0%CPEs: 39EXPL: 1CVE-2014-9585 – kernel: ASLR bruteforce possible for vdso library
https://notcve.org/view.php?id=CVE-2014-9585
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. La función vdso_addr en arch/x86/vdso/vma.c en el kernel de Linux hasta 3.18.2 no elige correctamente localizaciones de memoria para la área vDSO, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la adivinación de una localización al final de un PMD. An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. • http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2 http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg0 •
CVSS: 6.9EPSS: 0%CPEs: 39EXPL: 0CVE-2014-9529 – kernel: use-after-free during key garbage collection
https://notcve.org/view.php?id=CVE-2014-9529
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Condición de carrera en la función key_gc_unused_keys en security/keys/gc.c en el kernel de Linux hasta 3.18.2 permite a usuarios locales causar una denegación de servicio (corrupción de memoria o pánico) o posiblemente tener otro impacto no especificado a través de comandos keyctl que provocan el acceso a un miembro de la estructura clave durante la recogida de basura de una clave. A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://rhn.redhat.com/errata/RHSA-2015-1137.html http://rhn.redhat.com/errata/RHSA-2015-1138& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2014-2678 – kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
https://notcve.org/view.php?id=CVE-2014-2678
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_iw_laddr_check en net/rds/iw.c en el kernel de Linux hasta 3.14 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída de sistema) o posiblemente tener otro impacto no especificado a través de una llamada de sistema bind para un socket RDS en un sistema que carece de transportes RDS. A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. • http://linux.oracle.com/errata/ELSA-2014-0926-1.html http://linux.oracle.com/errata/ELSA-2014-0926.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html http://secunia.com/advisories/59386 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 http://www.openwall.com/lists/oss-security/2014/03/31/10 http://www.securityfocus.com/bid/66543 https://lkml.org/lkml/2014/3/29/188 https://access.redhat.com/security/cve/CV • CWE-476: NULL Pointer Dereference •