CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 2CVE-2016-7910 – kernel: Use after free in seq file
https://notcve.org/view.php?id=CVE-2016-7910
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. Vulnerabilidad de uso después de liberación de memoria en la función disk_seqf_stop en block/genhd.c en el kernel de Linux en versiones anteriores a 4.7.1 permite a usuarios locales obtener privilegios aprovechando la ejecución de una cierta operación de parada incluso si la operación de arranque correspondiente hubiera fallado. A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84 http://source.android.com/security/bulletin/2016-11-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1 http://www.securityfocus.com/bid/94135 https://access.redhat.com/errata/RHSA-2017:0892 https://access.redhat.com/errata/RHSA-2017:1297 https://access.redhat.com/errata/RHSA-2017:1298 https://access.redhat.com/errata/RHSA-2017:1308 https://gi • CWE-416: Use After Free •
CVSS: 7.8EPSS: 81%CPEs: 41EXPL: 32CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." La condición de carrera en mm / gup.c en el kernel de Linux 2.x a 4.x antes de 4.8.3 permite a los usuarios locales obtener privilegios aprovechando el manejo incorrecto de una función copy-on-write (COW) para escribir en un read- only la cartografía de la memoria, como explotados en la naturaleza en octubre de 2016, vulnerabilidad también conocida como "Dirty COW". A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. • https://github.com/dirtycow/dirtycow.github.io https://www.exploit-db.com/exploits/40611 https://www.exploit-db.com/exploits/40838 https://www.exploit-db.com/exploits/40616 https://www.exploit-db.com/exploits/40839 https://www.exploit-db.com/exploits/40847 https://github.com/timwr/CVE-2016-5195 https://github.com/gbonacini/CVE-2016-5195 https://github.com/whu-enjoy/CVE-2016-5195 https://github.com/jas502n/CVE-2016-5195 https://github.com/arttnba3/CVE-2016- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8660
https://notcve.org/view.php?id=CVE-2016-8660
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." El subsistema XFS en el kernel de Linux hasta la versión 4.8.2 permite a usuarios locales provocar una denegación de servicio (fallo fdatasync y cuelgue del sistema) usando el grupo de llamada al sistema vfs en el programa trinity, relacionado con un "error de orden de página de bloqueo en la búsqueda XFS en implementación hole/data". • http://www.openwall.com/lists/oss-security/2016/10/13/8 http://www.securityfocus.com/bid/93558 https://bugzilla.redhat.com/show_bug.cgi?id=1384851 • CWE-19: Data Processing Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8658
https://notcve.org/view.php?id=CVE-2016-8658
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. Desbordamiento de búfer basado en pila en la función brcmf_cfg80211_start_ap en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c en el kernel de Linux en versiones anteriores a 4.7.5 permite a usuarios locales provocar una denegación de servicio (caída de sistema) o tener otro posible impacto no especificado a través de un SSID Information Element largo en un comando a un socket Netlink. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5 http://www.openwall.com/lists/oss-security/2016/10/13/1 http://www.securityfocus.com/bid/93541 http://www.ubuntu.com/usn/USN-3145-1 http://www.ubuntu.com/usn/USN-3145-2 http://www.ubuntu.com/usn/USN-3146-1 http://www.ubuntu.com/usn/USN-3146-2 https://bugzilla.redhat.com/show_b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7042 – kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
https://notcve.org/view.php?id=CVE-2016-7042
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. La función proc_keys_show en security/keys/proc.c en el kernel de Linux hasta la versión 4.8.2, cuando el protector de pila GNU Compiler Collection (gcc) está habilitado, utiliza un tamaño de búfer incorrecto para ciertos datos de tiempo de espera, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de la memoria de pila y pánico) leyendo el archivo /proc/keys. It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. • http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.openwall.com/lists/oss-security/2016/10/13/5 http://www.securityfocus.com/bid/93544 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://bugzilla.redhat.com/show_bug.cgi?id=1373966 https://source.android.com/security/bulletin/2017-01-01.html https://access.redhat.com/security/cve/CVE-2016-7042 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •