CVE-2015-4001
https://notcve.org/view.php?id=CVE-2015-4001
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. Error de signo de enteros en la función oz_hcd_get_desc_cnf en drivers/staging/ozwpan/ozhcd.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 permite a atacantes remotos causar una denegación de servicio (caída de sistema) o posiblemente ejecutar código arbitrario a través de un paquete manipulado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://openwall.com/lists/oss-security/2015/06/05/7 http://www.securityfocus.com/bid/74672 http://www.ubuntu.com/usn/USN-2665-1 http://www.ubuntu.com/usn/USN-2667-1 https://github.com/torvalds/linux/commit/b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c • CWE-189: Numeric Errors •
CVE-2015-4004
https://notcve.org/view.php?id=CVE-2015-4004
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. El controlador OZWPAN en el kernel de Linux hasta 4.0.5 depende de un campo de longitud no confiable durante el análisis sintáctico de paquetes, lo que permite a atacantes remotos obtener información sensible de la memoria del kernel o causar una denegación de servicio (lectura fuera de rango y caída de sistema) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2015/06/05/7 http://www.securityfocus.com/bid/74669 http://www.ubuntu.com/usn/USN-2989-1 http://www.ubuntu.com/usn/USN-2998-1 http://www.ubuntu.com/usn/USN-3000-1 http://www.ubuntu.com/usn/USN-3001-1 http://www.ubuntu.com/usn/USN-3002-1 http://www.ubuntu.com/usn/USN-3003-1 http://www.ubuntu.com/usn/USN-3004-1 https://lkml.org/lkml/2015/5/13/739 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-4002
https://notcve.org/view.php?id=CVE-2015-4002
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. drivers/staging/ozwpan/ozusbsvc1.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 no asegura que ciertas valores de longitud están lo suficientemente grandes, lo que permite a atacantes remotos causar una denegación de servicio (caída de sistema o bucle grande) o posiblemente ejecutar código arbitrario a través de un paquete manipulado, relacionado con las funciones (1) oz_usb_rx y (2) oz_usb_handle_ep_data. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://openwall.com/lists/oss-security/2015/06/05/7 http://www.securityfocus.com/bid/74668 http://www.ubuntu.com/usn/USN-2665-1 http://www.ubuntu.com/usn/USN-2667-1 https://github.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-4003
https://notcve.org/view.php?id=CVE-2015-4003
The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. La función oz_usb_handle_ep_data en drivers/staging/ozwpan/ozusbsvc1.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 permite a atacantes remotos causar una denegación de servicio (un error de dividir por cero y caída de sistema) a través de un paquete manipulado. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://openwall.com/lists/oss-security/2015/06/05/7 http://www.securityfocus.com/bid/74668 http://www.ubuntu.com/usn/USN-2665-1 http://www.ubuntu.com/usn/USN-2667-1 https://github.com/torvalds/linux/commit/04bf464a5dfd9ade0dda918e44366c2c61fce80b • CWE-189: Numeric Errors •
CVE-2015-1805 – kernel: pipe: iovec overrun leading to memory corruption
https://notcve.org/view.php?id=CVE-2015-1805
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." Vulnerabilidad en las implementaciones (1) pipe_read y (2) pipe_write en fs/pipe.c en el kernel de Linux en versiones anteriores a 3.16, no considera correctamente los efectos secundarios de llamadas __copy_to_user_inatomic y __copy_from_user_inatomic fallidas, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios a través de una aplicación manipulada, también conocida como una 'saturación del array del vector I/O'. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • https://github.com/panyu6325/CVE-2015-1805 https://github.com/ireshchaminda1/Android-Privilege-Escalation-Remote-Access-Vulnerability-CVE-2015-1805 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html • CWE-17: DEPRECATED: Code •