CVE-2016-5195
CVE-2016-5195 (Dirty COW): A race condition in the Linux kernel’s memory management (mm/gup.c) allows a local user to gain write access to read‑only mappings via faulty copy‑on‑write handling. Affected: kernel 2.x–4.x prior to 4.8.3. Exploitation was observed in the wild around Oct 2016. Impac...
CVE-2016-0728
The CVE-2016-0728 issue affects the Linux kernel up to version 4.4.1, specifically in the keyring handling path join_session_keyring() within security/keys/process_keys.c. A flaw in object reference management in an error path can allow a local, unprivileged user to escalate privileges or cause a...
CVE-2016-7117
CVE-2016-7117 describes a use-after-free in the Linux kernel’s __sys_recvmmsg() within net/socket.c, affecting kernel versions prior to 4.5.2. An attacker could trigger the corruption via a mishandled recvmmsg system call during error processing, enabling remote execution of arbitrary code. The v...
CVE-2016-1583
CVE-2016-1583 affects the Linux kernel: ecryptfs_privileged_open (fs/ecryptfs/kthread.c) allows a local attacker to gain privileges or cause a denial of service via crafted mmap calls for /proc pathnames, triggering recursive pagefault handling. Affects kernels prior to 4.6.3; patch released in 4...
CVE-2016-3672
CVE-2016-3672 affects the Linux kernel before 4.5.3 where arch_pick_mmap_layout in arch/x86/mm/mmap.c fails to properly randomize the legacy base address. This defeats ADDR_NO_RANDOMIZE protections and can bypass ASLR for setuid/setgid programs by disabling stack-consumption resource limits. Affe...
CVE-2016-3137
CVE-2016-3137 affects the Linux kernel driver, specifically drivers/usb/serial/cypress_m8.c, with exploitation possible via a USB device lacking interrupt endpoints. The vulnerability allows a NULL pointer dereference leading to a denial of service (system crash) and is fixed in kernel 4.5.1 (and...
CVE-2016-8666
CVE-2016-8666 affects the Linux kernel’s IP GRO path handling for tunneled/stacked packets. Public sources in connected docs show the issue in kernels before certain fixes, with Unity advisories citing fixes up to kernel 4.8.2 and earlier references noting vulnerability through 4.6 in other conte...
CVE-2015-1328
CVE-2015-1328 affects the Linux kernel overlayfs by failing to properly check permissions for file creation in the upperdir when overlayfs is allowed in an arbitrary mount namespace. This enables local users to escalate to root on systems with overlayfs and user namespaces enabled, notably Ubuntu...
CVE-2016-4997
CVE-2016-4997 affects the Linux kernel netfilter IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE handling in 32/64-bit compatibility paths prior to 4.6.3, enabling local privilege escalation or memory-corruption-based denial of service when a crafted offset is supplied via in-container root access. Ex...
CVE-2016-0758
CVE-2016-0758 concerns an integer overflow in the Linux kernel’s ASN.1 DER decoder (lib/asn1_decoder.c) that could allow local privilege escalation. The Android 2016-10-05 bulletin documents this as a kernel ASN.1 decoder elevation-of-privilege issue with Critical severity, affecting Nexus device...
CVE-2016-6197
CVE-2016-6197 affects the OverlayFS implementation (fs/overlayfs/dir.c) in the Linux kernel before 4.6. The flaw allows a local user to cause a denial of service (system crash) by a rename that specifies a self-hardlink, due to incomplete verification of the upper dentry during unlink/rename. Exp...
CVE-2016-8633
CVE-2016-8633 affects the Linux kernel: a vulnerability in drivers/firewire/net.c can allow remote code execution when processing crafted fragmented packets on certain hardware. The connected Unity Linux advisories (UTSA-2026-003327 and related Nessus plugins) state the issue exists in...
CVE-2015-1350
CVE-2015-1350 is confirmed in the Connected documents as a vulnerability in the Linux kernel VFS subsystem (3.x) where setattr operations underspecify removal of extended privilege attributes. This can allow local users to cause a denial of service by stripping capabilities from specific processe...
CVE-2016-9555
The CVE-2016-9555 issue affects the Linux kernel SCTP implementation. The sctp_sf_ootb function in net/sctp/sm_statefuns.c lacks chunk-length checking for the first SCTP chunk, and resides in kernel versions before 4.8.8. This can permit remote attackers to cause a denial of service via out-of-bo...
CVE-2015-3288
CVE-2015-3288 affects the Linux kernel prior to 4.1.4. It arises from mishandling anonymous pages in mm/memory.c, allowing a local user to gain privileges or cause a denial of service by writing to page zero. The issue is fixed in 4.1.4 (per ChangeLog-4.1.4 and related advisories referenced in th...
CVE-2016-9794
CVE-2016-9794 is a local, use-after-free race in ALSA’s snd_pcm_period_elapsed() in the Linux kernel before 4.7. A crafted SNDRV_PCM_TRIGGER_START can trigger memory corruption, enabling a local attacker to cause a denial of service (and possibly other impact) on affected systems. Public write-up...
CVE-2016-5696
Technical details about CVE-2016-5696 are not publicly provided in the supplied connected documents; monitor for updates.
CVE-2016-6828
The vulnerability CVE-2016-6828 affects the Linux kernel and is triggered by a local attacker exploiting a use-after-free in the TCP transmit path. Specifically, the tcp_check_send_head path in include/net/tcp.h leaves SACK state in an inconsistent condition after a failed data copy, enabling a l...
CVE-2016-8655
CVE-2016-8655 describes a race condition in the Linux kernel AF_PACKET path (net/packet/af_packet.c) that, up to version 4.8.12, could allow a local user with CAP_NET_RAW to change a socket version via packet_set_ring/packet_setsockopt, leading to use-after-free, privilege escalation or DoS. Conn...
CVE-2016-7042
CVE-2016-7042: Linux kernel vulnerability where proc_keys_show (security/keys/proc.c) uses an incorrect buffer size for certain timeout data when built with gcc stack protector, enabling local denial of service by reading /proc/keys. Affects kernels up to 4.8.2; exploitation could cause stack mem...
CVE-2016-9793
The CVE-2016-9793 issue affects the Linux kernel 4.8.x lineage prior to 4.8.14. The sock_setsockopt implementation in net/core/sock.c mishandles negative values for sk_sndbuf and sk_rcvbuf, enabling a local attacker with CAP_NET_ADMIN to trigger memory corruption and a potential denial of service...
CVE-2015-1573
CVE-2015-1573 affects the Linux kernel, where nft_flush_table() in net/netfilter/nf_tables_api.c mishandles cross-chain jumps with ruleset flushes, allowing a local user with CAP_NET_ADMIN to trigger a denial of service (panic) by flushing affected rules. Affected kernel versions are those before...
CVE-2012-6689
CVE-2012-6689 affects the Linux kernel before 3.5.5, where netlink_sendmsg in net/netlink/af_netlink.c does not validate dst_pid, enabling local spoofing of Netlink messages. The affected product is the Linux kernel (prior to 3.5.5); impact is listed as unspecified (local) with full confidentiality/integrity/...
CVE-2016-4578
CVE-2016-4578 affects the Linux kernel’s ALSA timer subsystem (snd_timer_user_ccallback and snd_timer_user_tinterrupt). The provided sources confirm a local information leak: if the snd_timer interfaces are used, uninitialized r1 data can be read from kernel stack memory, enabling a local attacke...
CVE-2016-3134
The CVE-2016-3134 issue affects the Linux kernel netfilter/ip_tables.c, where the mark_source_chains() path can process an IPT_SET_REPLACE entry with an unvalidated next_offset. This can lead to out-of-bounds writes that enable local privilege escalation or cause a denial of service (heap memory ...
CVE-2016-7910
CVE-2016-7910 is a Linux kernel use-after-free vulnerability in the disk_seqf_stop function (block/genhd.c) that allows a local attacker to gain elevated privileges by taking advantage of a stop operation after a failed start. Affected: Linux kernel versions before 4.7.1. Root cause: use-after-fr...
CVE-2016-10088
CVE-2016-10088 affects the Linux kernel sg path (block/bsg.c, drivers/scsi/sg.c) and is tied to KERNEL_DS handling. A local user could read/write arbitrary kernel memory or trigger use-after-free via /dev/sg, due to an incomplete fix for CVE-2016-9576. Connected advisories confirm the issue acros...
CVE-2016-7039
CVE-2016-7039 affects the Linux kernel IP stack up to version 4.8.2. An attacker can trigger the GRO path with large crafted packets (e.g., VLAN header packets), causing stack consumption and a possible panic/DoS; this is related to CVE-2016-8666. Nessus/UTSA advisories for Unity Linux reference ...
CVE-2016-2384
The CVE-2016-2384 issue affects the Linux kernel (snd_usbmidi_create in sound/usb/midi.c) prior to 4.5, caused by a double-free when handling an invalid USB descriptor. This can enable physically proximate attackers to trigger a denial of service (panic) or potentially other unspecified impacts. ...
CVE-2016-4913
The CVE-2016-4913 issue affects the Linux kernel (fs/isofs/rock.c) and concerns get_rock_ridge_filename mishandling of NM (alternate name) entries containing a NUL character. A local attacker mounting a crafted isofs filesystem could read kernel memory due to this information leak. The vulnerabil...
CVE-2016-9576
CVE-2016-9576 affects the Linux kernel’s SCSI generic (sg) path. The blk_rq_map_user_iov() function in block/blk-map.c did not properly restrict the iterator type, enabling a local attacker with access to /dev/sg to read or write arbitrary kernel memory or trigger a use-after-free. CVE-2016-10088...
CVE-2015-8812
CVE-2015-8812 affects the Linux kernel CXGB3 driver; a use-after-free in drivers/infiniband/hw/cxgb3/iwch_cm.c can be triggered by crafted packets to remotely execute code or cause a denial of service. Impact is a remote-code execution/DoS via network traffic with the vulnerability labeled as hig...
CVE-2016-7913
CVE-2016-7913 affects the Linux kernel tuner driver xc2028 (drivers/media/tuners/tuner-xc2028.c). The vulnerability stems from xc2028_set_config: if the firmware name is omitted from a data structure, a local attacker can trigger a use-after-free, enabling privilege escalation or a denial of serv...
CVE-2015-8767
CVE-2015-8767 affects the Linux kernel SCTP path: net/sctp/sm_sideeffect.c fails to properly synchronize a lock with a socket during heartbeat timeout processing, allowing a local attacker to cause a denial of service (deadlock) via crafted sctp_accept calls. Affected: Linux kernel before 4.3 (pe...
CVE-2015-8956
CVE-2015-8956, as detailed in connected sources: the Linux kernel’s rfcomm_sock_bind in net/bluetooth/rfcomm/sock.c, vulnerable before 4.2, may allow a local attacker to obtain sensitive information or cause a denial of service (NULL pointer dereference) via a bind system call on a Bluetooth RFCOMM s...
CVE-2016-8650
CVE-2016-8650 affects the Linux kernel: the mpi_powm function in lib/mpi/mpi-pow.c can fail to allocate memory for limb data, permitting a local attacker to trigger a denial of service (stack memory corruption/panic) via an add_key RSA operation with a zero exponent. Public advisories (F5) confir...
CVE-2015-8539
CVE-2015-8539 is referenced in MiracleLinux AXSA-2018-2578 as a Linux kernel KEYS subsystem flaw fixed by updating the kernel to a version with mitigations. The vulnerability arises in the KEYS subsystem of the Linux kernel prior to 4.4, where crafted keyctl commands can negatively instantiate a ...
CVE-2016-4470
CVE-2016-4470 affects the Linux kernel keyring handling: in key_reject_and_link() an uninitialized pointer may be dereferenced after an error, enabling a local attacker to trigger a denial of service (system crash) via crafted keyctl request2. Connected advisories confirm this is a kernel issue w...
CVE-2016-4998
CVE-2016-4998 affects the Linux kernel netfilter IPT_SO_SET_REPLACE handling. The vulnerability allows a local attacker (e.g., with container/root access) to trigger an out-of-bounds read and potentially leak kernel heap memory or cause a Denial of Service by supplying a crafted offset that cross...
CVE-2016-9588
CVE-2016-9588 affects the Linux kernel KVM arch/x86/kvm/vmx.c: it mismanages #BP and #OF exceptions, allowing a local attacker in an L2 guest to crash the L1 guest (DoS). The issue is fixed in kernel updates after 4.9, with advisories noting upgrades to 4.9.11+ (e.g., 4.9.11-1/2, 4.9.11+ upstream...
CVE-2016-6480
CVE-2016-6480 is a race condition in the Adaptec AAC RAID driver (ioctl_send_fib in drivers/scsi/aacraid/commctrl.c) that could allow a local attacker to trigger a denial of service via an out-of-bounds access or system crash. Technical details show a TOCTTOU-like bug in FIB message handling; exp...
CVE-2013-4312
The CVE-2013-4312 issue affects the Linux kernel prior to 4.4.1, where a local attacker could bypass per-process file-descriptor limits by sending descriptors over a local UNIX domain socket before closing them, causing memory exhaustion and potential denial of service. The root cause is the hand...
CVE-2016-5829
CVE-2016-5829 is a Linux kernel vulnerability in the hiddev driver (hiddev_ioctl_usage in drivers/hid/usbhid/hiddev.c) that allows a local user to trigger heap-based buffer overflows by sending crafted ioctls (HIDIOCGUSAGES or HIDIOCSUSAGES). Affected kernels are up to 4.6.3 (through 4.6.3). The ...
CVE-2015-8839
CVE-2015-8839 is a Linux kernel ext4 race-condition vulnerability (before 4.5) that local users could exploit to cause denial of service or disk corruption by writing to pages belonging to other users after unsynchronized hole punching and page faults. Public documents confirm the affected compon...
CVE-2016-4565
CVE-2016-4565 affects the Linux kernel InfiniBand (IB) stack prior to 4.5.3, where certain IB interfaces improperly rely on write() semantics via a uAPI interface. This could allow a local unprivileged user to cause a denial of service (kernel memory write) and potentially other impact/escalation...
CVE-2015-8830
CVE-2015-8830 is a Linux kernel vulnerability caused by an integer overflow in the aio_setup_single_vector path (fs/aio.c) when handling a large AIO iovec. The issue could allow a local attacker to cause a denial of service or potentially other impact, as described in the CVE entry and reflected ...
CVE-2016-7097
CVE-2016-7097 is a Linux kernel vulnerability in which the setgid bit was not cleared during setxattr, allowing local users to gain group privileges if a setgid executable exists with restricted execute permissions. The issue is reported across the Linux filesystem/ACL handling and was addressed ...
CVE-2016-7425
CVE-2016-7425 affects the Linux kernel component arcmsr_iop_message_xfer in drivers/scsi/arcmsr/arcmsr_hba.c. The vulnerability arises because a length field is not properly restricted, enabling a local user to trigger a heap-based buffer overflow via the ARCMSR_MESSAGE_WRITE_WQBUFFER control cod...
CVE-2015-8970
CVE-2015-8970 affects the Linux kernel prior to 4.4.2. The vulnerability is in crypto/algif_skcipher.c where a setkey operation on an AF_ALG socket may not be verified before an accept system call is processed, allowing a local attacker to trigger a NULL pointer dereference and system crash via a...
CVE-2016-8658
CVE-2016-8658: Stack-based buffer overflow in brcmf_cfg80211_start_ap (Linux kernel, brcmfmac cfg80211) before 4.7.5. Exploitation path involves sending a Netlink command with a long SSID Information Element, enabling a local attacker to trigger a denial-of-service (system crash) or potentially o...