CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16884 – kernel: nfs: use-after-free in svc_process_common()
https://notcve.org/view.php?id=CVE-2018-16884
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Se ha encontrado un error en el subsistema de archivos NFS41+ del kernel de Linux. • http://www.securityfocus.com/bid/106253 https://access.redhat.com/errata/RHSA-2019:1873 https://access.redhat.com/errata/RHSA-2019:1891 https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0204 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884 https://lists.debian.org/debian-lts • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5321
https://notcve.org/view.php?id=CVE-2010-5321
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsistema videobuf en el kernel de Linux 2.6.x hasta la versión 4.x permite a usuarios locales causar una denegación de servicio (consumo de memoria) aprovechando el acceso /dev/video para una serie de llamadas mmap que requieren nuevas asignaciones, una vulnerabilidad diferente a CVE-2007-6761. NOTA: a partir de 18-06-2016, esto afecta sólo a 11 controladores que no se han actualizado para utilizar videobuf2 en lugar de videobuf. • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 http://www.openwall.com/lists/oss-security/2015/02/08/4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340 https://bugzilla.kernel.org/show_bug.cgi?id=120571 https://bugzilla.redhat.com/show_bug.cgi?id=620629 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0570
https://notcve.org/view.php?id=CVE-2015-0570
Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. Desbordamiento de buffer basado en pila en la implementación de SET_WPS_IE IOCTL en wlan_hdd_hostapd.c en el controlador WLAN (también conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, permite a atacantes obtener privilegios a través de una aplicación manipulada que utiliza un elemento WPS IE largo. • http://source.android.com/security/bulletin/2016-05-01.html http://www.securityfocus.com/bid/77691 https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0571
https://notcve.org/view.php?id=CVE-2015-0571
The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. El controlador WLAN (también conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no verifica la autorización para llamadas SET IOCTL privadas, lo que permite a atacantes obtener privilegios a través de una aplicación manipulada, relacionado con wlan_hdd_hostapd.c y wlan_hdd_wext.c. • http://source.android.com/security/bulletin/2016-05-01.html http://www.securityfocus.com/bid/77691 https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2016-2854 – AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-2854
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. El módulo aufs para el kernel de Linux 3.x y 4.x no mantiene correctamente datos POSIX ACL xattr, lo que permite a usuarios locales obtener privilegos aprovechando un directorio con permiso de escritura de grupo setgid. AUFS (Ubuntu 15.10) suffers from an allow_userns fuse/xattr user namespaces privilege escalation vulnerability. • https://www.exploit-db.com/exploits/41761 http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces http://www.openwall.com/lists/oss-security/2016/02/24/9 http://www.securityfocus.com/bid/96838 https://sourceforge.net/p/aufs/mailman/message/34864744 • CWE-269: Improper Privilege Management •