Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:2.6.24.6
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-8785 |
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. Published: February 07, 2016; 10:59:07 PM -0500 |
V4.0:(not available) V3.1: 6.2 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2015-8767 |
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. Published: February 07, 2016; 10:59:06 PM -0500 |
V4.0:(not available) V3.0: 6.2 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2015-8709 |
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here. Published: February 07, 2016; 10:59:05 PM -0500 |
V4.0:(not available) V3.0: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2015-8575 |
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. Published: February 07, 2016; 10:59:04 PM -0500 |
V4.0:(not available) V3.0: 4.0 MEDIUM V2.0: 2.1 LOW |
CVE-2015-8539 |
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. Published: February 07, 2016; 10:59:03 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2015-7566 |
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. Published: February 07, 2016; 10:59:03 PM -0500 |
V4.0:(not available) V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2015-7550 |
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. Published: February 07, 2016; 10:59:02 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2015-7513 |
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. Published: February 07, 2016; 10:59:01 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2013-4312 |
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. Published: February 07, 2016; 10:59:00 PM -0500 |
V4.0:(not available) V3.0: 6.2 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2015-8569 |
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. Published: December 28, 2015; 6:59:07 AM -0500 |
V4.0:(not available) V3.0: 2.3 LOW V2.0: 1.9 LOW |
CVE-2015-8543 |
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. Published: December 28, 2015; 6:59:06 AM -0500 |
V4.0:(not available) V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2015-8374 |
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. Published: December 28, 2015; 6:59:05 AM -0500 |
V4.0:(not available) V3.0: 4.0 MEDIUM V2.0: 2.1 LOW |
CVE-2015-7990 |
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. Published: December 28, 2015; 6:59:04 AM -0500 |
V4.0:(not available) V3.0: 5.8 MEDIUM V2.0: 5.9 MEDIUM |
CVE-2015-7885 |
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. Published: December 28, 2015; 6:59:03 AM -0500 |
V4.0:(not available) V3.0: 2.3 LOW V2.0: 2.1 LOW |
CVE-2015-7884 |
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. Published: December 28, 2015; 6:59:02 AM -0500 |
V4.0:(not available) V3.0: 2.3 LOW V2.0: 1.9 LOW |
CVE-2015-7509 |
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. Published: December 28, 2015; 6:59:01 AM -0500 |
V4.0:(not available) V3.0: 4.4 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2013-7446 |
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. Published: December 28, 2015; 6:59:00 AM -0500 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.4 MEDIUM |
CVE-2015-8215 |
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. Published: November 16, 2015; 4:59:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-8104 |
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. Published: November 16, 2015; 6:59:12 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2015-7872 |
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. Published: November 16, 2015; 6:59:10 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |