Max CVSS 10.0 Min CVSS 2.1 Total Count47
IDCVSSSummaryLast (major) updatePublished
CVE-2016-7097 3.6
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permission
07-04-2017 - 21:59 16-10-2016 - 17:59
CVE-2016-9793 7.2
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspe
07-03-2017 - 21:59 28-12-2016 - 02:59
CVE-2016-5244 5.0
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
19-02-2017 - 01:20 27-06-2016 - 06:59
CVE-2016-4805 7.2
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a n
19-02-2017 - 01:20 23-05-2016 - 06:59
CVE-2017-5551 3.6
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid pro
09-02-2017 - 16:53 06-02-2017 - 01:59
CVE-2015-7513 4.9
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_v
02-02-2017 - 21:59 07-02-2016 - 22:59
CVE-2015-1350 2.1
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a
01-02-2017 - 21:59 02-05-2016 - 06:59
CVE-2016-9576 7.2
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-af
17-01-2017 - 21:59 28-12-2016 - 02:59
CVE-2016-8399 7.6
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a
17-01-2017 - 21:59 12-01-2017 - 10:59
CVE-2016-7916 4.7
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which envir
17-01-2017 - 21:59 16-11-2016 - 00:59
CVE-2015-8962 9.3
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_I
17-01-2017 - 21:59 16-11-2016 - 00:59
CVE-2016-9756 2.1
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
06-01-2017 - 22:00 28-12-2016 - 02:59
CVE-2016-9555 10.0
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified
06-01-2017 - 22:00 27-11-2016 - 22:59
CVE-2016-7425 7.2
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow)
06-01-2017 - 22:00 16-10-2016 - 17:59
CVE-2016-7117 10.0
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
06-01-2017 - 22:00 10-10-2016 - 07:00
CVE-2016-7042 4.9
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a deni
06-01-2017 - 22:00 16-10-2016 - 17:59
CVE-2016-10088 6.9
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of ser
06-01-2017 - 22:00 30-12-2016 - 13:59
CVE-2016-6828 4.9
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-
02-01-2017 - 22:00 16-10-2016 - 17:59
CVE-2016-9685 4.9
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
30-12-2016 - 21:59 28-12-2016 - 02:59
CVE-2012-6704 7.2
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecif
30-12-2016 - 21:59 28-12-2016 - 02:59
CVE-2015-7833 4.9
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in
07-12-2016 - 13:25 19-10-2015 - 06:59
CVE-2013-4312 4.9
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c
05-12-2016 - 21:59 07-02-2016 - 22:59
CVE-2016-4997 7.2
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-contai
02-12-2016 - 22:27 03-07-2016 - 17:59
CVE-2016-8646 4.9
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.
28-11-2016 - 18:36 27-11-2016 - 22:59
CVE-2016-8633 6.2
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
28-11-2016 - 18:34 27-11-2016 - 22:59
CVE-2016-8632 7.2
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of serv
28-11-2016 - 15:40 27-11-2016 - 22:59
CVE-2016-7911 9.3
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
28-11-2016 - 15:39 16-11-2016 - 00:59
CVE-2016-7910 9.3
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had
28-11-2016 - 15:39 16-11-2016 - 00:59
CVE-2016-6480 4.7
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fe
28-11-2016 - 15:33 06-08-2016 - 16:59
CVE-2016-5829 7.2
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOC
28-11-2016 - 15:29 27-06-2016 - 06:59
CVE-2016-4998 5.6
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by levera
28-11-2016 - 15:22 03-07-2016 - 17:59
CVE-2016-4913 7.2
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have
28-11-2016 - 15:21 23-05-2016 - 06:59
CVE-2016-4580 5.0
The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call
28-11-2016 - 15:19 23-05-2016 - 06:59
CVE-2016-4578 2.1
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_t
28-11-2016 - 15:19 23-05-2016 - 06:59
CVE-2016-4569 2.1
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer
28-11-2016 - 15:18 23-05-2016 - 06:59
CVE-2016-4565 7.2
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI int
28-11-2016 - 15:18 23-05-2016 - 06:59
CVE-2016-4485 5.0
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
28-11-2016 - 15:18 23-05-2016 - 06:59
CVE-2016-4482 2.1
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTIN
28-11-2016 - 15:18 23-05-2016 - 06:59
CVE-2016-4470 4.9
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a craft
28-11-2016 - 15:18 27-06-2016 - 06:59
CVE-2016-3841 7.2
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
28-11-2016 - 15:12 06-08-2016 - 16:59
CVE-2016-2187 4.9
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device desc
28-11-2016 - 15:03 02-05-2016 - 06:59
CVE-2016-1583 7.2
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames
28-11-2016 - 15:00 27-06-2016 - 06:59
CVE-2016-0823 2.1
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 257
28-11-2016 - 14:55 12-03-2016 - 16:59
CVE-2015-8964 7.1
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
28-11-2016 - 14:50 16-11-2016 - 00:59
CVE-2015-8956 3.6
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluet
28-11-2016 - 14:50 10-10-2016 - 06:59
CVE-2004-0230 5.0
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
17-10-2016 - 22:42 18-08-2004 - 00:00
CVE-2016-2189
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4565. Reason: This candidate is a reservation duplicate of CVE-2016-4565. Notes: All CVE users should reference CVE-2016-4565 instead of this candidate. All references and descr
17-05-2016 - 11:59 17-05-2016 - 11:59
Back to Top Mark selected
Back to Top