National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:3.14:rc3
There are 1,672 matching records.
Displaying matches 581 through 600.
Vuln ID Summary CVSS Severity
CVE-2016-7913

The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.

Published: November 16, 2016; 12:59:08 AM -05:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-7912

Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.

Published: November 16, 2016; 12:59:07 AM -05:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-7911

Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.

Published: November 16, 2016; 12:59:06 AM -05:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-7910

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.

Published: November 16, 2016; 12:59:05 AM -05:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8964

The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.

Published: November 16, 2016; 12:59:03 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 7.1 HIGH
CVE-2015-8963

Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.

Published: November 16, 2016; 12:59:02 AM -05:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2015-8962

Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.

Published: November 16, 2016; 12:59:01 AM -05:00
V3.0: 7.3 HIGH
    V2: 9.3 HIGH
CVE-2015-8961

The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.

Published: November 16, 2016; 12:59:00 AM -05:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Published: November 10, 2016; 04:59:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-7389

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.

Published: November 08, 2016; 03:59:15 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-8666

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.

Published: October 16, 2016; 05:59:15 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2016-8660

The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."

Published: October 16, 2016; 05:59:14 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2016-8658

Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.

Published: October 16, 2016; 05:59:13 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.6 MEDIUM
CVE-2016-7425

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.

Published: October 16, 2016; 05:59:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-7097

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.

Published: October 16, 2016; 05:59:11 PM -04:00
V3.0: 4.4 MEDIUM
    V2: 3.6 LOW
CVE-2016-7042

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.

Published: October 16, 2016; 05:59:10 PM -04:00
V3.0: 6.2 MEDIUM
    V2: 4.9 MEDIUM
CVE-2016-7039

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

Published: October 16, 2016; 05:59:09 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2016-6828

The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.

Published: October 16, 2016; 05:59:08 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2016-6327

drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.

Published: October 16, 2016; 05:59:06 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2015-8953

fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer.

Published: October 16, 2016; 05:59:03 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM