Back to all categorys

Elevation of privilege vulnerability in kernel file system

CVE-2015-5706

(json)

• CVE numbers: CVE-2015-5706 [Bulletin-CVE-2015-5706]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel file system
• Details: Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. [NIST-CVE-2015-5706]
• Discovered by: on: Unknown
• Reported on: 2017-01-01 [Bulletin-CVE-2015-5706]
• Fixed on: 2015-05-08 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-5706]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-8961

(json)

• CVE numbers: CVE-2015-8961 [Bulletin-CVE-2015-8961]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel file system
• Details: The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. [NIST-CVE-2015-8961]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2015-8961]
• Fixed on: 2015-10-17 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-8961]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3775

(json)

• CVE numbers: CVE-2016-3775 [Bulletin-CVE-2016-3775]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel file system
• Details: The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279. [NIST-CVE-2016-3775]
• Discovered by: on: Unknown
• Reported on: 2016-07-01 [Bulletin-CVE-2016-3775]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-3775]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7911

(json)

• CVE numbers: CVE-2016-7911 [Bulletin-CVE-2016-7911]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel file system
• Details: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. [NIST-CVE-2016-7911]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-7911]
• Fixed on: 2016-07-01 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-7911]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7910

(json)

• CVE numbers: CVE-2016-7910 [Bulletin-CVE-2016-7910]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel file system
• Details: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. [NIST-CVE-2016-7910]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-7910]
• Fixed on: 2016-07-29 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-7910]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2017-0427

(json)

• CVE numbers: CVE-2017-0427 [Bulletin-CVE-2017-0427]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel file system
• Details: An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866. [NIST-CVE-2017-0427]
• Discovered by: Qidan He (何淇丹) (@flanker_hqd) of KeenLab, Tencent (腾讯科恩实验室) [Discovery-CVE-2017-0427] on: Unknown
• Reported on: 2017-02-01 [Bulletin-CVE-2017-0427]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2017-0427]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26