29 matches found
CVE-2015-3288
CVE-2015-3288 affects the Linux kernel prior to 4.1.4. It arises from mishandling anonymous pages in mm/memory.c, allowing a local user to gain privileges or cause a denial of service by writing to page zero. The issue is fixed in 4.1.4 (per ChangeLog-4.1.4 and related advisories referenced in th...
CVE-2016-9794
CVE-2016-9794 is a local, use-after-free race in ALSA’s snd_pcm_period_elapsed() in the Linux kernel before 4.7. A crafted SNDRV_PCM_TRIGGER_START can trigger memory corruption, enabling a local attacker to cause a denial of service (and possibly other impact) on affected systems. Public write-up...
CVE-2012-6689
The CVE affects the Linux kernel before 3.5.5, where net/netlink/af_netlink.c:netlink_sendmsg does not validate dst_pid, enabling local spoofing of Netlink messages. Affected product is the Linux kernel (prior to 3.5.5); impact is listed as unspecified (local) with full confidentiality/integrity/...
CVE-2016-7910
CVE-2016-7910 is a Linux kernel use-after-free vulnerability in the disk_seqf_stop function (block/genhd.c) that allows a local attacker to gain elevated privileges by taking advantage of a stop operation after a failed start. Affected: Linux kernel versions before 4.7.1. Root cause: use-after-fr...
CVE-2016-10088
CVE-2016-10088 affects the Linux kernel sg path (block/bsg.c, drivers/scsi/sg.c) and is tied to KERNEL_DS handling. A local user could read/write arbitrary kernel memory or trigger use-after-free via /dev/sg, due to an incomplete fix for CVE-2016-9576. Connected advisories confirm the issue acros...
CVE-2016-4913
The CVE-2016-4913 issue affects the Linux kernel (fs/isofs/rock.c) and concerns get_rock_ridge_filename mishandling of NM (alternate name) entries containing a NUL character. A local attacker mounting a crafted isofs filesystem could read kernel memory due to this information leak. The vulnerabil...
CVE-2015-8812
CVE-2015-8812 affects the Linux kernel CXGB3 driver; a use-after-free in drivers/infiniband/hw/cxgb3/iwch_cm.c can be triggered by crafted packets to remotely execute code or cause a denial of service. Impact is a remote-code execution/DoS via network traffic with the vulnerability labeled as hig...
CVE-2016-7913
CVE-2016-7913 affects the Linux kernel tuner driver xc2028 (drivers/media/tuners/tuner-xc2028.c). The vulnerability stems from xc2028_set_config: if the firmware name is omitted from a data structure, a local attacker can trigger a use-after-free, enabling privilege escalation or a denial of serv...
CVE-2015-8767
CVE-2015-8767 affects the Linux kernel SCTP path: net/sctp/sm_sideeffect.c fails to properly synchronize a lock with a socket during heartbeat timeout processing, allowing a local attacker to cause a denial of service (deadlock) via crafted sctp_accept calls. Affected: Linux kernel before 4.3 (pe...
CVE-2015-8539
CVE-2015-8539 is referenced in MiracleLinux AXSA-2018-2578 as a Linux kernel KEYS subsystem flaw fixed by updating the kernel to a version with mitigations. The vulnerability arises in the KEYS subsystem of the Linux kernel prior to 4.4, where crafted keyctl commands can negatively instantiate a ...
CVE-2016-5829
CVE-2016-5829 is a Linux kernel vulnerability in the hiddev driver (hiddev_ioctl_usage in drivers/hid/usbhid/hiddev.c) that allows a local user to trigger heap-based buffer overflows by sending crafted ioctls (HIDIOCGUSAGES or HIDIOCSUSAGES). Affected kernels are up to 4.6.3 (through 4.6.3). The ...
CVE-2016-4565
CVE-2016-4565 affects the Linux kernel InfiniBand (IB) stack prior to 4.5.3, where certain IB interfaces improperly rely on write() semantics via a uAPI interface. This could allow a local unprivileged user to cause a denial of service (kernel memory write) and potentially other impact/escalation...
CVE-2016-3841
CVE-2016-3841 affects the Linux kernel IPv6 stack before 4.3.3. A crafted sendmsg can mishandle options data, allowing local users to gain privileges or cause a denial of service via a use-after-free leading to a system crash. Public documents (e.g., MiracleLinux AXSA-2016-1135:09 and Unity Linux...
CVE-2016-7911
CVE-2016-7911: Race condition in get_task_ioprio in block/ioprio.c of the Linux kernel allows local privilege escalation or use-after-free leading to DoS. A crafted ioprio_get system call can trigger the issue. This vulnerability was addressed by kernel patching in the 4.6.6 release; updating to ...
CVE-2012-6701
CVE-2012-6701 : An integer overflow in fs/aio.c of the Linux kernel before 3.4.1 allows local users to trigger a denial of service (and possibly other impact) via a large AIO iovec. Public sources describe exploitation locally and indicate a fix was applied in 3.4.1 (Linux kernel changelog refere...
CVE-2015-7515
CVE-2015-7515 affects the Linux kernel (pre-4.4) due to improper validation in the aiptek_probe path of drivers/input/tablet/aiptek.c. A physically proximate user can cause a NULL pointer dereference and system crash via a crafted USB device that lacks endpoints, leading to denial of service. The...
CVE-2015-8785
CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c of the Linux kernel (versions before 4.4) is exploitable locally to cause a denial of service via a writev call that triggers a zero-length first iov. This is a local, non-privileged issue with an attacker able to induce an infin...
CVE-2015-7513
The CVE-2015-7513 vulnerability affects arch/x86/kvm/x86.c in the Linux kernel prior to 4.4, where PIT counter values are not reset during guest state restoration. This can allow guest OS users to trigger a denial-of-service (divide-by-zero) and host crash via a zero PIT value, related to kvm_vm_...
CVE-2016-2782
CVE-2016-2782 : In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...
CVE-2016-0821
The CVE-2016-0821 issue relates to the LIST_POISON protection in the Linux kernel (include/linux/poison.h) prior to version 4.3. It affected Android 6.0.1 prior to 2016-03-01 and arises because poison values were used without properly accounting for mmap_min_addr, enabling bypass of poison-pointe...
CVE-2016-3955
The CVE-2016-3955 issue affects the Linux kernel’s usbip_recv_xbuff path (drivers/usb/usbip/usbip_common.c) prior to version 4.5.3. A crafted length in a USB/IP packet can trigger an out-of-bounds write, enabling remote denial of service (and potentially other impact) without authentication. The ...
CVE-2016-2053
CVE-2016-2053: The Linux kernel’s asn1_ber_decoder in lib/asn1_decoder.c is vulnerable to denial-of-service (panic) via a crafted ASN.1 BER file that lacks a public key. The issue occurs in kernel builds prior to 4.3. Consequence is a local DoS without authenticated user interaction. Affected com...
CVE-2015-8962
CVE-2015-8962: Double free in sg_common_write (drivers/scsi/sg.c) of the Linux kernel before 4.4. A local user can gain privileges or cause memory corruption/system crash by detaching a device during an SG_IO ioctl. Remediation: upgrade to Linux kernel 4.4+ or apply vendor patch; exploitation con...
CVE-2015-8963
CVE-2015-8963 : The Linux kernel contains a race condition in kernel/events/core.c related to swevent handling during a CPU unplug operation. Affected: Linux kernel versions before 4.4. Impact: local privilege escalation or denial of service (use‑after‑free) as described in the vulnerability entr...
CVE-2012-6704
CVE-2012-6704 affects the Linux kernel prior to 3.5. The sock_setsockopt path in net/core/sock.c mishandles negative values for sk_sndbuf/sk_rcvbuf, enabling a local attacker with CAP_NET_ADMIN to trigger memory corruption and a possible denial of service (memory corruption/system crash). Affecte...
CVE-2016-6786
CVE-2016-6786 affects the Linux kernel’s performance subsystem: kernel/events/core.c mismanages locks during certain migrations, enabling a local user to escalate privileges. Public documents indicate this vulnerability exists in kernels before 4.0, with several Nessus advisories (Unity Linux/Mir...
CVE-2016-6787
CVE-2016-6787 affects the Linux kernel’s performance subsystem: kernel/events/core.c before 4.0 mismanages locks during certain migrations, allowing local users to gain privileges via a crafted application (Android internal bug 31095224). Impact is local privilege escalation with complete confide...
CVE-2015-8955
CVE-2015-8955 affects the Linux kernel on arm64 (arch/arm64/kernel/perf_event.c) prior to 4.1. The issue arises from events across multiple HW PMUs being mishandled, allowing local users to gain privileges or trigger a denial of service via an invalid pointer dereference. Impact is limited to loc...
CVE-2016-2383
The CVE-2016-2383 vulnerability affects the Linux kernel (kernel/bpf/verifier.c) where, in the backward-jump delta handling, local attackers can craft BPF instructions to read kernel memory. It is exploitable by local users via a crafted packet filter. The issue is present in kernel versions befo...