Linux af_packet.c race condition (local root) (CVE-2016-8655)

To create AFPACKET sockets you need CAPNETRAW in your network namespace, which can be acquired by unprivileged processes on systems where unprivileged namespaces are enabled Ubuntu, Fedora, etc. It can be triggered from within containers to compromise the host kernel. On Android, processes with...

kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab

The nfs4procsetacl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service panic via a crafted attempt to set an ACL...