CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9756
https://notcve.org/view.php?id=CVE-2016-9756
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. arch/x86/kvm/emulate.c en el kernel de Linux en versiones anteriores a 4.8.12 no inicializa adecuadamente Code Segment (CS) en ciertos casos de error, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través de una aplicación manipulada. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12 http://www.openwall.com/lists/oss-security/2016/12/01/1 http://www.securityfocus.com/bid/94615 https://bugzilla.redhat.com/show_bug.cgi?id=1400468 https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9777
https://notcve.org/view.php?id=CVE-2016-9777
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. KVM en el kernel de Linux en versiones anteriores a 4.8.12, cuando se habilita I/O APIC, no restringe adecuadamente el índice VCPU, lo que permite a usuarios de SO invitados obtener privilegios del SO de anfitrión o provocar una denegación de servicio (acceso al array fuera de rango y caída del SO anfitrión) a través de una petición interrumpida manipulada, relacionado con arch/x86/kvm/ioapic.c y arch/x86/kvm/ioapic.h. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12 http://www.openwall.com/lists/oss-security/2016/12/02/2 http://www.securityfocus.com/bid/94640 https://bugzilla.redhat.com/show_bug.cgi?id=1400804 https://github.com/torvalds/linux/commit/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9794 – kernel: ALSA: Use-after-free in kill_fasync
https://notcve.org/view.php?id=CVE-2016-9794
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. Condición de carrera en la función snd_pcm_period_elapsed en sound/core/pcm_lib.c en el subsistema de ALSA en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de un comando SNDRV_PCM_TRIGGER_START manipulado. A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html http://lists.opensuse.org • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9755
https://notcve.org/view.php?id=CVE-2016-9755
The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. El subsistema netfilter en el kernel de Linux en versiones anteriores a 4.9 no maneja adecuadamente reensamblaje IPv6, lo que permite a usuarios locales provocar una denegación de servicio (desbordamiento de entero, escritura fuera de límites y GPF) o posiblemente tener otro impacto no especificado a través de una aplicación manipulada que hace un socket, conecta y escribe llamadas al sistema, relacionado con net/ipv6/netfilter/nf_conntrack_reasm.c y net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa http://www.openwall.com/lists/oss-security/2016/12/01/10 http://www.securityfocus.com/bid/94626 https://bugzilla.redhat.com/show_bug.cgi?id=1400904 https://github.com/torvalds/linux/commit/9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa https://groups.google.com/forum/#%21topic/syzkaller/GFbGpX7nTEo https://www.spinics.net/lists/netdev/msg407525.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2016-9793 – Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9793
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. La función sock_setsockopt en net/core/sock.c en el kernel de Linux en versiones anteriores a 4.8.14 no maneja adecuadamente valores negativos de sk_sndbuf y sk_rcvbuf, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente tener otros impactos no especificados aprovechando la capacidad CAP_NET_ADMIN para una llamada al sistema setsockopt manipulada con la opción (1) SO_SNDBUFFORCE o (2) SO_RCVBUFFORCE. A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. • https://www.exploit-db.com/exploits/41995 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14 http://www.openwall.com/lists/oss-security/2016/12/03/1 http://www.securityfocus.com/bid/94655 http://www.securitytracker.com/id/1037968 https://access.redhat.com/errata/RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0932 https://access.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •