Page 556 of 2902 results (0.020 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2

CVE-2016-1576 – Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. La implementación de overlayfs en el kernel de Linux hasta la versión 4.5.2 no restringe correctamente el espacio de nombres de montaje, lo que permite a usuarios locales obtener privilegos montando un sistema de archivos overlayfs sobre un sistema de archivos FUSE y luego ejecutando un programa setuid manipulado. • https://www.exploit-db.com/exploits/41763 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation http://www.openwall.com/lists/oss-security/2016/02/24/8 http://www.openwall.com/lists/oss-security/2021/10/18/1 https://bugs.launchpad.net/bugs/1535150 https://launchpadlibrarian.net/23530009 •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-8539 – kernel: local privesc in key management

https://notcve.org/view.php?id=CVE-2015-8539

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. El subsistema KEYS en el kernel de Linux en versiones anteriores a 4.4 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (BUG) a través de comandos keyctl manipulados que instancia una clave negativamente, relacionado con security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c y security/keys/user_defined.c. A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may be then be positively instantiated by updating it with valid data. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html http://lists.opensuse.org • CWE-269: Improper Privilege Management CWE-667: Improper Locking •

CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-8785

https://notcve.org/view.php?id=CVE-2015-8785

The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. La función fuse_fill_write_pages en fs/fuse/file.c en el kernel de Linux en versiones anteriores a 4.4 permite a usuarios locales provocar una denegación de servicio (bucle infinito) a través de una llamada a sistema writev que desencadena una longitud cero para el primer segmento de un iov. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://www.debian.org • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2015-0569 – Linux Kernel 3.x/4.x - prima WLAN Driver Heap Overflow

https://notcve.org/view.php?id=CVE-2015-0569

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter. Desbordamiento de buffer basado en memoria dinámica en la implementación de extensiones de wireless privadas IOCTL en wlan_hdd_wext.c en el controlador WLAN (también conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, permite a atacantes obtener privilegios a través de una aplicación manipulada que establece un filtro de paquetes. The Linux prima WLAN driver suffers from a heap overflow vulnerability. • https://www.exploit-db.com/exploits/39308 http://source.android.com/security/bulletin/2016-05-01.html http://www.securityfocus.com/bid/77691 https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-8767 – kernel: SCTP denial of service during timeout

https://notcve.org/view.php?id=CVE-2015-8767

net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. net/sctp/sm_sideeffect.c en el kernel de Linux en versiones anteriores a 4.3 no maneja adecuadamente la relación entre un bloqueo y un socket, lo que permite a usuarios locales provocar una denegación de servicio (interbloqueo) a través de una llamada sctp_accept manipulada. A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://rhn.redhat&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •