U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:3.2.76:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 2,481 matching records.
Displaying matches 1,681 through 1,700.
Vuln ID Summary CVSS Severity
CVE-2015-0569

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter.

Published: May 09, 2016; 6:59:00 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2062

The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.

Published: May 05, 2016; 5:59:08 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-2059

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.

Published: May 05, 2016; 5:59:07 PM -0400
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2016-3689

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

Published: May 02, 2016; 6:59:40 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-3140

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 6:59:39 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-3138

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

Published: May 02, 2016; 6:59:37 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-3137

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

Published: May 02, 2016; 6:59:36 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-3136

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

Published: May 02, 2016; 6:59:35 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-2854

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Published: May 02, 2016; 6:59:34 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-2853

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Published: May 02, 2016; 6:59:33 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2016-2188

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 6:59:32 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-2187

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 6:59:30 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-2186

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 6:59:29 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-2185

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Published: May 02, 2016; 6:59:28 AM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-2117

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

Published: May 02, 2016; 6:59:27 AM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-2053

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

Published: May 02, 2016; 6:59:25 AM -0400
V4.0:(not available)
V3.0: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Published: May 02, 2016; 6:59:24 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-1575

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Published: May 02, 2016; 6:59:23 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2015-8839

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

Published: May 02, 2016; 6:59:22 AM -0400
V4.0:(not available)
V3.1: 5.1 MEDIUM
V2.0: 1.9 LOW
CVE-2015-8746

fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.

Published: May 02, 2016; 6:59:19 AM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM