Linux Kernel@3.16.1 Security Vulnerabilities and Issues — Linux Kernel@3.16.1 CVE List

Lucene search

LinuxLinux Kernel3.16.1

8 matches found

CVE•added 2014/09/28 10:55 a.m.•185 views

CVE-2014-6410

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.

4.7CVSS5.8AI score0.00068EPSS

CVE•added 2014/12/17 11:59 a.m.•148 views

CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a se...

2.1CVSS4.8AI score0.00043EPSS

CVE•added 2014/11/30 1:59 a.m.•135 views

CVE-2014-7841

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.

5CVSS6AI score0.18308EPSS

CVE•added 2014/11/30 1:59 a.m.•123 views

CVE-2014-7842

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-201...

4.9CVSS5.7AI score0.00074EPSS

CVE•added 2014/11/30 1:59 a.m.•109 views

CVE-2014-3688

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.

5CVSS7.1AI score0.02624EPSS

CVE•added 2014/11/30 1:59 a.m.•107 views

CVE-2014-9090

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigretur...

4.9CVSS5.9AI score0.00043EPSS

CVE•added 2014/11/30 1:59 a.m.•103 views

CVE-2014-8884

Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

6.1CVSS6.4AI score0.00042EPSS

CVE•added 2014/11/30 1:59 a.m.•88 views

CVE-2014-8989

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the e...

4.6CVSS5.3AI score0.00027EPSS