U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*
There are 1,231 matching records.
Displaying matches 961 through 980.
Vuln ID Summary CVSS Severity
CVE-2015-7799

The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.

Published: October 19, 2015; 6:59:09 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-7613

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

Published: October 19, 2015; 6:59:08 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2015-6937

The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.

Published: October 19, 2015; 6:59:07 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-6252

The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.

Published: October 19, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-5707

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

Published: October 19, 2015; 6:59:05 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2015-5283

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.

Published: October 19, 2015; 6:59:03 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2015-5156

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.

Published: October 19, 2015; 6:59:02 AM -0400
V3.x:(not available)
V2.0: 6.1 MEDIUM
CVE-2015-0275

The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.

Published: October 19, 2015; 6:59:00 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-7445

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.

Published: October 15, 2015; 9:59:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2015-6526

The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.

Published: August 31, 2015; 4:59:07 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-4036

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.

Published: August 31, 2015; 4:59:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5706

Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.

Published: August 31, 2015; 6:59:16 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2015-5697

The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.

Published: August 31, 2015; 6:59:14 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-5366

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.

Published: August 31, 2015; 6:59:13 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-5364

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

Published: August 31, 2015; 6:59:12 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2015-5157

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

Published: August 31, 2015; 6:59:11 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-4700

The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.

Published: August 31, 2015; 6:59:10 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-3291

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.

Published: August 31, 2015; 6:59:09 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-3290

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.

Published: August 31, 2015; 6:59:08 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-3212

Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.

Published: August 31, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM