CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-9914
https://notcve.org/view.php?id=CVE-2014-9914
07 Feb 2017 — Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. Condición de carrera en la función ip4_datagram_release_cb en net/ipv4/datagram.c en el kernel de Linux en versiones anteriores a 3.15.2 permite a usuarios locales obtener privilegios o p... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-10153
https://notcve.org/view.php?id=CVE-2016-10153
06 Feb 2017 — The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. La API criptográfica de la lista de dispersión en el kernel de Linux 4.9.x en versiones anteriores a 4.9.6 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, lo que permite a usuarios locale... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a45f795c65b479b4ba107b6ccde29b896d51ee98 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10154
https://notcve.org/view.php?id=CVE-2016-10154
06 Feb 2017 — The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. La función smbhash en fs/cifs/smbencrypt.c en el kernel de Linux 4.9.x en versiones anteriores a 4.9.1 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, que permi... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06deeec77a5a689cc94b21a8a91a76e42176685d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10208 – kernel: EXT4 memory corruption / SLAB out-of-bounds read
https://notcve.org/view.php?id=CVE-2016-10208
06 Feb 2017 — The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. La función ext4_fill_super en fs/ext4/super.c en el kernel de Linux hasta la versión 4.9.8 no valida correctamente los grupos de bloque meta, lo que permite a atacantes físicamente próximos provocar una denegación de servicio (lectura fuera de lím... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5546 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2017-5546
06 Feb 2017 — The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. La característica de freelist-randomization en mm/slab.c en el kernel 4.8.x de Linux y 4.9.x en versiones anteriores a 4.9.5 permite a usuarios locales provocar una denegación de ser... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5547
https://notcve.org/view.php?id=CVE-2017-5547
06 Feb 2017 — drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. drivers/hid/hid-corsair.c en el kernel de Linux 4.9.x antes 4.9.6 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, lo que permite a usuarios locales provocar una denegación de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d104af38b570d37aa32a5803b04c354f8ed513d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5548
https://notcve.org/view.php?id=CVE-2017-5548
06 Feb 2017 — drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. drivers/net/ieee802154/atusb.c en el kernel de Linux 4.9.x en versiones anteriores a 4.9.6 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, lo que permite a usuarios local... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5549 – Ubuntu Security Notice USN-3208-2
https://notcve.org/view.php?id=CVE-2017-5549
06 Feb 2017 — The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. La función klsi_105_get_line_state en drivers/usb/serial/kl5kusb105.c en el kernel de Linux en versiones anteriores a 4.9.5 coloca los contenidos de memoria de pila no inicializados en una entrada de registro sobre un fallo para le... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146cc8a17a3b4996f6805ee5c080e7101277c410 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5550 – Ubuntu Security Notice USN-3361-1
https://notcve.org/view.php?id=CVE-2017-5550
06 Feb 2017 — Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. Error por un paso en la función pipe_advance en lib/iov_iter.c en el kernel de Linux en versiones anteriores a 4.9.5 permite a usuarios locales obtener información sensible de posiciones de memoria dinámica no inicializadas e... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5551 – kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)
https://notcve.org/view.php?id=CVE-2017-5551
06 Feb 2017 — The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. La función simple_set_acl en fs/posix_acl.c en el kernel de Linux en versiones anteriores a 4.9.6 preserva el bit setgid durante una ll... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=497de07d89c1410d76a15bec2bb41f24a2a89f31 • CWE-287: Improper Authentication •