CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0570
https://notcve.org/view.php?id=CVE-2015-0570
Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. Desbordamiento de buffer basado en pila en la implementación de SET_WPS_IE IOCTL en wlan_hdd_hostapd.c en el controlador WLAN (también conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, permite a atacantes obtener privilegios a través de una aplicación manipulada que utiliza un elemento WPS IE largo. • http://source.android.com/security/bulletin/2016-05-01.html http://www.securityfocus.com/bid/77691 https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0571
https://notcve.org/view.php?id=CVE-2015-0571
The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. El controlador WLAN (también conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no verifica la autorización para llamadas SET IOCTL privadas, lo que permite a atacantes obtener privilegios a través de una aplicación manipulada, relacionado con wlan_hdd_hostapd.c y wlan_hdd_wext.c. • http://source.android.com/security/bulletin/2016-05-01.html http://www.securityfocus.com/bid/77691 https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2062
https://notcve.org/view.php?id=CVE-2016-2062
The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call. La función adreno_perfcounter_query_group en drivers/gpu/msm/adreno_perfcounter.c en el controlador Adreno GPU para el kernel de Linux 3.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, utiliza un tipo de datos entero incorrecto, lo que permite a atacantes provocar una denegación de servicio (desbordamiento de entero, desbordamiento de buffer basado en memoria dinámica y asignación de memoria incorrecta) o posiblemente tener otro impacto no especificado a través de una llamada ioctl IOCTL_KGSL_PERFCOUNTER_QUERY. • http://source.android.com/security/bulletin/2016-06-01.html http://www.securitytracker.com/id/1035766 https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576 https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2059
https://notcve.org/view.php?id=CVE-2016-2059
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls. La función msm_ipc_router_bind_control_port en net/ipc_router/ipc_router_core.c en el módulo del kernel IPC router para el kernel de Linux 3.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no verifica que un puerto es un puerto de cliente, lo que permite a atacantes obtener privilegios o provocar una denegación de servicio (condición de carrera y corrupción de lista) haciendo muchas llamadas ioctl BIND_CONTROL_PORT. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/90230 http://www.securitytracker.com/id/1035765 https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=9e8bdd63f7011dff5523ea435433834b3702398d https://www.codeaurora.org/projects/security-advisories/linux-ipc-router-binding-any-port-control-port-cve-2016-2059 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2016-4557 – Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-4557
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. La función replace_map_fd_with_map_ptr en kernel/bpf/verifier.c en el kernel de Linux en versiones anteriores a 4.5.5 no mantiene correctamente una estructura de datos fd, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) a través de instrucciones BPF manipuladas que hacen referencia a un archivo descriptor incorrecto. Linux kernel versions 4.4 and above where CONFIG_BPF_SYSCALL and kernel.unprivileged_bpf_disabled sysctl is not set to 1 allow for BPF to be abused for privilege escalation. Ubuntu 16.04 has all of these conditions met. • https://www.exploit-db.com/exploits/40759 https://www.exploit-db.com/exploits/39772 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 http://www.openwall.com/lists/oss-security/2016/05/06/4 https://bugs.chromium.org/p/project-zero/issues/detail?id=808 https://bugs.debian.org&#x •