CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2016-3951
https://notcve.org/view.php?id=CVE-2016-3951
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Vulnerabilidad de liberación de memoria doble en drivers/net/usb/cdc_ncm.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) o posiblemente tener otro impacto no especificado insertando un dispositivo USB con un descriptor USB no válido. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005 •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2016-3156 – kernel: ipv4: denial of service when destroying a network interface
https://notcve.org/view.php?id=CVE-2016-3156
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. La implementación IPv4 en el kernel de Linux en versiones anteriores a 4.5.2 no maneja adecuadamente la destrucción de objetos de dispositivo, lo que permite a usuarios del SO invitado provocar una denegación de servicio (corte de la red del sistema operativo anfitrión) disponiendo un gran número de direcciones IP. A security flaw was found in the Linux kernel's networking subsystem that destroying the network interface with huge number of ipv4 addresses assigned keeps "rtnl_lock" spinlock for a very long time (up to hour). This blocks many network-related operations, including creation of new incoming ssh connections. The problem is especially important for containers, as the container owner has enough permissions to trigger this and block a network access on a whole host, outside the container. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8845 – kernel: incorrect restoration of machine specific registers from userspace
https://notcve.org/view.php?id=CVE-2015-8845
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. La función tm_reclaim_thread en arch/powerpc/kernel/process.c en el Kernel de Linux en versiones anteriores a 4.4.1 sobre plataformas powerpc no asegura que exista el modo TM suspend antes de proceder con una llamada tm_reclaim, lo que permite a usuarios locales provocar una denegación de servicio (excepción TM Bad Thing y pánico) a través de una aplicación manipulada. A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-258 • CWE-284: Improper Access Control CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2016-3672 – Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
https://notcve.org/view.php?id=CVE-2016-3672
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. La función arch_pick_mmap_layout en arch/x86/mm/mmap.c en el kernel de Linux hasta la versión 4.5.2 no maneja de forma aleatoria el legado de la dirección base, lo que hace más fácil a usuarios locales romper las restricciones destinadas en los indicadores ADDR_NO_RANDOMIZE, y eludir el mecanismo de protección ASLR para programas setuid o setid, deshabilitando los límites de recursos del consumo de pila. A weakness was found in the Linux ASLR implementation. Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited. • https://www.exploit-db.com/exploits/39669 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/open • CWE-254: 7PK - Security Features CWE-341: Predictable from Observable State •
CVSS: 6.2EPSS: 0%CPEs: 17EXPL: 0CVE-2016-2847 – kernel: pipe: limit the per-user amount of pages allocated in pipes
https://notcve.org/view.php?id=CVE-2016-2847
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. fs/pipe.c en el kernel de Linux antes de 4.5 no limita la cantidad de datos no leídos en las tuberías, lo que permite a los usuarios locales provocar una denegación de servicio (consumo de memoria) creando muchas tuberías con tamaños no predeterminados. It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •