CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6779
https://notcve.org/view.php?id=CVE-2016-6779
12 Jan 2017 — An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004. • http://www.securityfocus.com/bid/94675 • CWE-284: Improper Access Control •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6780
https://notcve.org/view.php?id=CVE-2016-6780
12 Jan 2017 — An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496. • http://www.securityfocus.com/bid/94675 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6776
https://notcve.org/view.php?id=CVE-2016-6776
12 Jan 2017 — An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6777
https://notcve.org/view.php?id=CVE-2016-6777
12 Jan 2017 — An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6789
https://notcve.org/view.php?id=CVE-2016-6789
12 Jan 2017 — An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9754 – Ubuntu Security Notice USN-3422-2
https://notcve.org/view.php?id=CVE-2016-9754
05 Jan 2017 — The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. La función ring_buffer_resize en kernel/trace/ring_buffer.c en el subsistema de creación de perfiles del kernel de Linux en versiones anteriores a 4.6.1 no maneja adecuadamente ciertos cálculos de entero, lo que permite a usuarios locales o... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-10088 – kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
https://notcve.org/view.php?id=CVE-2016-10088
30 Dec 2016 — The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. La implementación sg en el kernel Linux hasta la versión 4.9 no restring... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-9794 – kernel: ALSA: Use-after-free in kill_fasync
https://notcve.org/view.php?id=CVE-2016-9794
28 Dec 2016 — Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. Condición de carrera en la función snd_pcm_period_elapsed en sound/core/pcm_lib.c en el subsistema de ALSA en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegación de servicio (uso ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6786 – Debian Security Advisory 3791-1
https://notcve.org/view.php?id=CVE-2016-6786
28 Dec 2016 — kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. kernel/events/core.c en el subsistema de rendimiento en el kernel de Linux en versiones anteriores a 4.0 no gestiona adecuadamente bloqueos durante ciertas migraciones, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad tamb... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6704
https://notcve.org/view.php?id=CVE-2012-6704
28 Dec 2016 — The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. La función sock_setsockopt en net/core/sock.c en el kernel de Linux en versiones anteriores a 3.5 no maneja adecuadam... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •