Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:4.1:rc5:*:*:*:*:*:*
There are 866 matching records.
Displaying matches 741 through 760.
Vuln ID Summary CVSS Severity
CVE-2015-8956

The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.

Published: October 10, 2016; 6:59:04 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 3.6 LOW
CVE-2016-6516

Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.

Published: August 06, 2016; 4:59:15 PM -0400
V3.0: 7.4 HIGH
V2.0: 4.4 MEDIUM
CVE-2016-6480

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

Published: August 06, 2016; 4:59:14 PM -0400
V3.0: 5.1 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2016-6198

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

Published: August 06, 2016; 4:59:13 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6197

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.

Published: August 06, 2016; 4:59:12 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6187

The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.

Published: August 06, 2016; 4:59:10 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-6156

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

Published: August 06, 2016; 4:59:08 PM -0400
V3.0: 5.1 MEDIUM
V2.0: 1.9 LOW
CVE-2016-6136

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

Published: August 06, 2016; 4:59:06 PM -0400
V3.0: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2016-5696

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

Published: August 06, 2016; 4:59:05 PM -0400
V3.0: 4.8 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-5412

arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.

Published: August 06, 2016; 4:59:04 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2016-5400

Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations.

Published: August 06, 2016; 4:59:02 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-3841

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

Published: August 06, 2016; 4:59:01 PM -0400
V3.0: 7.3 HIGH
V2.0: 7.2 HIGH
CVE-2016-3070

The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.

Published: August 06, 2016; 4:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2015-8944

The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.

Published: August 06, 2016; 6:59:54 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-9900

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.

Published: August 06, 2016; 6:59:44 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-9892

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.

Published: August 06, 2016; 6:59:35 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-6130

Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.

Published: July 03, 2016; 5:59:18 PM -0400
V3.0: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2016-4998

The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.

Published: July 03, 2016; 5:59:17 PM -0400
V3.0: 7.1 HIGH
V2.0: 5.6 MEDIUM
CVE-2016-4997

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.

Published: July 03, 2016; 5:59:16 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-3955

The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.

Published: July 03, 2016; 5:59:15 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH