what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

CVE-2016-2847

Status Candidate

Overview

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

Related Files

Red Hat Security Advisory 2017-0217-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0217-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-2847, CVE-2016-7117
SHA-256 | 0f04199e8b96f3c0ef49b41aa0b81c70b56ac8c4e9e510b9a19ddf9c1b0c225a
Red Hat Security Advisory 2016-2584-02
Posted Nov 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2584-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8746, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2069, CVE-2016-2117, CVE-2016-2384, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-3699, CVE-2016-3841, CVE-2016-4569, CVE-2016-4578, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480
SHA-256 | 88a2bd8c0f30988120dd0ca735846a15c63a1e9c06edc72ce61959751724fbc4
Red Hat Security Advisory 2016-2574-02
Posted Nov 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2574-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8746, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2069, CVE-2016-2117, CVE-2016-2384, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-3699, CVE-2016-3841, CVE-2016-4569, CVE-2016-4578, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480
SHA-256 | a58b7b5d58e92d5a084026c53f5461e431441e86891787922c799b50ae4376ed
Ubuntu Security Notice USN-2965-2
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2965-2 - USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-2847, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3689, CVE-2016-3951, CVE-2016-3955, CVE-2016-4557
SHA-256 | 6b52d036c57f1e7c2af2ead1821e8dddc36f23e6a3f79a1abfec9c19421a8b56
Ubuntu Security Notice USN-2948-2
Posted Apr 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2948-2 - USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-7566, CVE-2015-7833, CVE-2015-8812, CVE-2016-0723, CVE-2016-2085, CVE-2016-2550, CVE-2016-2782, CVE-2016-2847
SHA-256 | 275b81339417c812197f69eec7beeedc365d877e550b1d20ee2bd408be49fb77
Ubuntu Security Notice USN-2947-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2947-1 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383, CVE-2016-2550, CVE-2016-2847
SHA-256 | 1589a71a5392734b1ae81742ea08c3d1505de7730a5f381c44076a2fbb5cda36
Ubuntu Security Notice USN-2946-2
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2946-2 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
SHA-256 | 0038e1460e63ff5cc6aaf80a71168ed50dafde78ce37b3363aa006a996681a76
Ubuntu Security Notice USN-2949-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2949-1 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
SHA-256 | 0400bb0d8a6dc0fa5b0e9e74b415c869ca8984e6ffeaccdb1937b1486387cb3a
Ubuntu Security Notice USN-2948-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2948-1 - Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2015-7566, CVE-2015-7833, CVE-2015-8812, CVE-2016-0723, CVE-2016-2085, CVE-2016-2550, CVE-2016-2782, CVE-2016-2847
SHA-256 | f3cae25b14e5e6dc21f92189550892543b26dc0cb3d6486d3fef87657d9a3007
Ubuntu Security Notice USN-2947-3
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2947-3 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383, CVE-2016-2550, CVE-2016-2847
SHA-256 | 8e332a027893fa2b8bfdfdd28766726d47bc3892017b1859881263fdd0532d37
Ubuntu Security Notice USN-2946-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2946-1 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
SHA-256 | c6cb3ff3dd5bc15eed99776afa7a96f21344d3b8675e42dfbe88b47003dcedc5
Ubuntu Security Notice USN-2947-2
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2947-2 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383, CVE-2016-2550, CVE-2016-2847
SHA-256 | a1cd9bf0ef18c2c6d6e9125dc56451016c28dacccc9581b62fb421f6ee77a750
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close