National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:4.4.25
There are 475 matching records.
Displaying matches 461 through 475.
Vuln ID Summary CVSS Severity
CVE-2016-3136

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

Published: May 02, 2016; 06:59:35 AM -04:00
V3: 4.6 MEDIUM
V2: 4.9 MEDIUM
CVE-2016-2188

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 06:59:32 AM -04:00
V3: 4.6 MEDIUM
V2: 4.9 MEDIUM
CVE-2016-2187

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 06:59:30 AM -04:00
V3: 4.6 MEDIUM
V2: 4.9 MEDIUM
CVE-2016-2186

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 06:59:29 AM -04:00
V3: 4.6 MEDIUM
V2: 4.9 MEDIUM
CVE-2016-2185

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 06:59:28 AM -04:00
V3: 4.6 MEDIUM
V2: 4.9 MEDIUM
CVE-2016-2117

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

Published: May 02, 2016; 06:59:27 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Published: May 02, 2016; 06:59:24 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2016-1575

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Published: May 02, 2016; 06:59:23 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2016-3672

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.

Published: April 27, 2016; 01:59:27 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2016-3156

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.

Published: April 27, 2016; 01:59:26 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2016-3135

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Published: April 27, 2016; 01:59:23 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Published: April 27, 2016; 01:59:22 PM -04:00
V3: 8.4 HIGH
V2: 7.2 HIGH
CVE-2016-2782

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

Published: April 27, 2016; 01:59:20 PM -04:00
V3: 4.6 MEDIUM
V2: 4.9 MEDIUM
CVE-2016-2383

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.

Published: April 27, 2016; 01:59:10 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2016-2184

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.

Published: April 27, 2016; 01:59:09 PM -04:00
V3: 4.6 MEDIUM
V2: 4.9 MEDIUM