Lucene search

K
LinuxLinux Kernel

9 matches found

CVE
CVE
added 2015/12/28 11:59 a.m.258 views

CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

7.2CVSS5.4AI score0.65431EPSS
CVE
CVE
added 2015/12/28 11:59 a.m.159 views

CVE-2015-8543

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain p...

7CVSS7AI score0.0192EPSS
CVE
CVE
added 2015/12/28 11:59 a.m.131 views

CVE-2013-7446

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

5.4CVSS5.9AI score0.00013EPSS
CVE
CVE
added 2015/12/28 11:59 a.m.122 views

CVE-2015-8374

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.

4CVSS4.7AI score0.00043EPSS
CVE
CVE
added 2015/12/28 11:59 a.m.120 views

CVE-2015-7990

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerabil...

5.9CVSS6.6AI score0.00122EPSS
CVE
CVE
added 2015/12/28 11:59 a.m.103 views

CVE-2015-8569

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

2.3CVSS4.5AI score0.00017EPSS
CVE
CVE
added 2015/12/28 11:59 a.m.85 views

CVE-2015-7509

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

4.9CVSS4.5AI score0.00092EPSS
CVE
CVE
added 2015/12/28 11:59 a.m.70 views

CVE-2015-7885

The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.

2.3CVSS3AI score0.00077EPSS
CVE
CVE
added 2015/12/28 11:59 a.m.55 views

CVE-2015-7884

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.

2.3CVSS2.9AI score0.00036EPSS