Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:3.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-10044 |
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. Published: February 07, 2017; 2:59:00 AM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2014-9914 |
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. Published: February 07, 2017; 2:59:00 AM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-5577 |
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. Published: February 06, 2017; 1:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-5551 |
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. Published: February 06, 2017; 1:59:00 AM -0500 |
V3.0: 4.4 MEDIUM V2.0: 3.6 LOW |
CVE-2017-5550 |
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. Published: February 06, 2017; 1:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-5549 |
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. Published: February 06, 2017; 1:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-2596 |
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. Published: February 06, 2017; 1:59:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-2583 |
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. Published: February 06, 2017; 1:59:00 AM -0500 |
V3.0: 8.4 HIGH V2.0: 4.6 MEDIUM |
CVE-2016-10208 |
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. Published: February 06, 2017; 1:59:00 AM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-10147 |
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). Published: January 18, 2017; 4:59:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-2584 |
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. Published: January 14, 2017; 9:59:02 PM -0500 |
V3.0: 7.1 HIGH V2.0: 3.6 LOW |
CVE-2017-0404 |
An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32510733. Published: January 12, 2017; 3:59:02 PM -0500 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |
CVE-2017-0403 |
An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402548. Published: January 12, 2017; 3:59:02 PM -0500 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |
CVE-2016-8474 |
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972. Published: January 12, 2017; 3:59:01 PM -0500 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2016-8473 |
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790. Published: January 12, 2017; 3:59:01 PM -0500 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2016-8469 |
An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469. Published: January 12, 2017; 3:59:01 PM -0500 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2016-8466 |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31822524. References: B-RB#105268. Published: January 12, 2017; 3:59:01 PM -0500 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |
CVE-2016-8465 |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053. Published: January 12, 2017; 3:59:01 PM -0500 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |
CVE-2016-8464 |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314. Published: January 12, 2017; 3:59:01 PM -0500 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |
CVE-2016-8463 |
A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855. Published: January 12, 2017; 3:59:01 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 7.1 HIGH |