CVE-2016-8391
https://notcve.org/view.php?id=CVE-2016-8391
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. • http://www.securityfocus.com/bid/94681 https://source.android.com/security/bulletin/2016-12-01.html • CWE-284: Improper Access Control •
CVE-2016-9754
https://notcve.org/view.php?id=CVE-2016-9754
The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. La función ring_buffer_resize en kernel/trace/ring_buffer.c en el subsistema de creación de perfiles del kernel de Linux en versiones anteriores a 4.6.1 no maneja adecuadamente ciertos cálculos de entero, lo que permite a usuarios locales obtener privilegios escribiendo en el archivo /sys/kernel/debug/tracing/buffer_size_kb. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1 http://www.securityfocus.com/bid/95278 https://github.com/torvalds/linux/commit/59643d1535eb220668692a5359de22545af579f6 https://source.android.com/security/bulletin/2017-01-01.html • CWE-190: Integer Overflow or Wraparound •
CVE-2016-10088 – kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
https://notcve.org/view.php?id=CVE-2016-10088
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. La implementación sg en el kernel Linux hasta la versión 4.9 no restringe correctamente operaciones de escritura en situaciones donde la opción KERNEL_DS está activa, lo que permite a usuarios locales leer o escribir a ubicacioes arbitrarias de memoria de kernel o provocar una denegación de servicio (uso despues de liberación) aprovechando el acceso al dispositivo /dev/sg, relacionado con block/bsg.c y drivers/scsi/sg.c. NOTA: esta vulnerabilidad existe debido a una reparación incompleta de CVE-2016-9576. It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835 http://rhn.redhat.com/errata/RHSA-2017-0817.html http://www.openwall.com/lists/oss-security/2016/12/30/1 http://www.securityfocus.com/bid/95169 http://www.securitytracker.com/id/1037538 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://github.com/torvalds/linux • CWE-416: Use After Free •
CVE-2012-6704
https://notcve.org/view.php?id=CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. La función sock_setsockopt en net/core/sock.c en el kernel de Linux en versiones anteriores a 3.5 no maneja adecuadamente valores negativos de sk_sndbuf y sk_rcvbuf, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente tener otro impacto no especificado aprovechando la capacidad CAP_NET_ADMIN para una llamada al sistema setsockopt manipulada con la opción (1) SO_SNDBUF o (2) SO_RCVBUF. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b http://www.openwall.com/lists/oss-security/2016/12/03/1 http://www.securityfocus.com/bid/95135 https://bugzilla.redhat.com/show_bug.cgi?id=1402024 https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-9588 – Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS
https://notcve.org/view.php?id=CVE-2016-9588
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. arch/x86/kvm/vmx.c en el kernek de Linux hasta la versión 4.9 no gestiona adecuadamente las excepciones #BP y #OF, lo que permite a usuarios del SO invitados provocar una denegación de servicio (caída del SO invitado) declinando el manejo de una excepción lanzada por un invitado L2. Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef85b67385436ddc1998f45f1d6a210f935b3388 http://www.debian.org/security/2017/dsa-3804 http://www.openwall.com/lists/oss-security/2016/12/15/3 http://www.securityfocus.com/bid/94933 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://bugzilla.redhat.com/show_bug.cgi?id=1404924 https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388 https:/ • CWE-248: Uncaught Exception CWE-388: 7PK - Errors •