Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:4.1:rc5:*:*:*:*:*:*
There are 830 matching records.
Displaying matches 801 through 820.
Vuln ID Summary CVSS Severity
CVE-2013-4312

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.

Published: February 07, 2016; 10:59:00 PM -0500
V3.0: 6.2 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Published: December 28, 2015; 6:59:08 AM -0500
V3.0: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2015-8569

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

Published: December 28, 2015; 6:59:07 AM -0500
V3.0: 2.3 LOW
V2.0: 1.9 LOW
CVE-2015-8543

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

Published: December 28, 2015; 6:59:06 AM -0500
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2015-8374

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.

Published: December 28, 2015; 6:59:05 AM -0500
V3.0: 4.0 MEDIUM
V2.0: 2.1 LOW
CVE-2015-7990

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.

Published: December 28, 2015; 6:59:04 AM -0500
V3.0: 5.8 MEDIUM
V2.0: 5.9 MEDIUM
CVE-2015-7885

The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.

Published: December 28, 2015; 6:59:03 AM -0500
V3.0: 2.3 LOW
V2.0: 2.1 LOW
CVE-2015-7884

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.

Published: December 28, 2015; 6:59:02 AM -0500
V3.0: 2.3 LOW
V2.0: 1.9 LOW
CVE-2013-7446

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

Published: December 28, 2015; 6:59:00 AM -0500
V3.0: 5.3 MEDIUM
V2.0: 5.4 MEDIUM
CVE-2015-8104

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

Published: November 16, 2015; 6:59:12 AM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2015-7872

The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

Published: November 16, 2015; 6:59:10 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-7312

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.

Published: November 16, 2015; 6:59:09 AM -0500
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2015-5307

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

Published: November 16, 2015; 6:59:05 AM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-5257

drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320.

Published: November 16, 2015; 6:59:03 AM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-2925

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

Published: November 16, 2015; 6:59:00 AM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2015-7799

The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.

Published: October 19, 2015; 6:59:09 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-7613

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

Published: October 19, 2015; 6:59:08 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2015-6937

The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.

Published: October 19, 2015; 6:59:07 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-6252

The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.

Published: October 19, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-5707

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

Published: October 19, 2015; 6:59:05 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM