772 matches found
Design/Logic Flaw
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...
CVE-2016-7912
The CVE-2016-7912 entry describes a use-after-free in the Linux kernel involving ffs_user_copy_worker in drivers/usb/gadget/function/f_fs.c, prior to version 4.5.3. This flaw lets local users escalate privileges by accessing an I/O data structure after a callback, as documented in multiple source...
CVE-2015-8963
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation...
UBUNTU-CVE-2015-8964
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure...
UBUNTU-CVE-2015-8963
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation...
CVE-2015-8964
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure...
CVE-2016-7912
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...
NVIDIA Driver - No Bounds Checking in Escape 0x7000170
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=936 The DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks for the variable-size input escape data, and relies on a user-provided size as the upper bound for writing output. Crashing context with PoC Win 10 x64 with...
CVE-2016-6386
Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005...
Memory corruption
Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3051-1)
It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Kangjie Lu discovered an...
USN-3050-1: Linux kernel (OMAP4) vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...
CVE-2014-9900
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android...
PHP ext/session/session.c Denial of Service Vulnerability
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A denial of service vulnerability exists in PHP versions prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 in which the ext/session/session.c...
CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session...
Security Bulletin: ASN.1 coding in the presence of a heap memory corruption vulnerability - vulnerability warning - the black bar safety net
1. Security Bulletin information Title: Objective system integrated Co., Ltd. The design of the ASN.1 coding specification in the presence of one can lead to heap memory corruption vulnerabilities. Vulnerability CVE number: CVE-2016-5080 Announcement of the URL address:...
CVE-2016-3713
The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call...