CVE-2016-10044
https://notcve.org/view.php?id=CVE-2016-10044
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. La función aio_mount en fs/aio.c en el kernel de Linux en versiones anteriores a 4.7.7 no restringe adecuadamente el acceso de ejecución, lo que facilita a usuarios locales eludir restricciones de política destinadas SELinux W^X, y consecuentemente obtener privilegios, a través de una llamada de sistema io_setup. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a http://source.android.com/security/bulletin/2017-02-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7 http://www.securityfocus.com/bid/96122 http://www.securitytracker.com/id/1037798 https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2017-5551 – kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)
https://notcve.org/view.php?id=CVE-2017-5551
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. La función simple_set_acl en fs/posix_acl.c en el kernel de Linux en versiones anteriores a 4.9.6 preserva el bit setgid durante una llamada setxattr que implica un sistema de archivos tmpfs, lo que permite a usuarios locales obtener privilegios de grupo aprovechando la existencia de un programa setgid con restricciones sobre los permisos de ejecución. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-7097. A vulnerability was found in the Linux kernel in 'tmpfs' file system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=497de07d89c1410d76a15bec2bb41f24a2a89f31 http://www.debian.org/security/2017/dsa-3791 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95717 http://www.securitytracker.com/id/1038053 https://bugzilla.redhat.com/show_bug.cgi?id=1416126 https://github.com/torvalds/linux/commit/497de07d89c1410d76a15bec2bb41f24a2a89f31 • CWE-287: Improper Authentication •
CVE-2017-2596 – Kernel: kvm: page reference leakage in handle_vmon
https://notcve.org/view.php?id=CVE-2017-2596
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. La función nested_vmx_check_vmptr en arch/x86/kvm/vmx.c en el kernel de Linux hasta la versión 4.9.8 emula indebidamente la instrucción VMXON, lo que permite a usuarios del SO invitado KVM L1 provocar una denegación de servicio (consumo de memoria del SO anfitrión) aprovechando el manejo incorrecto de referencia de páginas. Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS. • http://www.debian.org/security/2017/dsa-3791 http://www.openwall.com/lists/oss-security/2017/01/31/4 http://www.securityfocus.com/bid/95878 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://bugzilla.redhat.com/show_bug.cgi?id=1417812 https://access.redhat.com/security/cve/CVE-2017-2596 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-5546
https://notcve.org/view.php?id=CVE-2017-5546
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. La característica de freelist-randomization en mm/slab.c en el kernel 4.8.x de Linux y 4.9.x en versiones anteriores a 4.9.5 permite a usuarios locales provocar una denegación de servicio (entradas freelist duplicadas y caída del sistema) o posiblemente tener otro impacto no especificado en circunstancias oportunistas aprovechando la selección de un valor grande para un número aleatorio. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95711 https://bugzilla.redhat.com/show_bug.cgi?id=1415733 https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f •
CVE-2016-10154
https://notcve.org/view.php?id=CVE-2016-10154
The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. La función smbhash en fs/cifs/smbencrypt.c en el kernel de Linux 4.9.x en versiones anteriores a 4.9.1 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, que permite a usuarios locales provocar una denegación de servicio (caída del sistema o corrupción de memoria) o posiblemente tener otro impacto no especificado aprovechando el uso de más de una página virtual para una lista de dispersión . • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06deeec77a5a689cc94b21a8a91a76e42176685d http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.securityfocus.com/bid/95714 https://bugzilla.redhat.com/show_bug.cgi?id=1416104 https://github.com/torvalds/linux/commit/06deeec77a5a689cc94b21a8a91a76e42176685d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •