CVE-2016-1583

CVE-2016-1583 affects the Linux kernel: ecryptfs_privileged_open (fs/ecryptfs/kthread.c) allows a local attacker to gain privileges or cause a denial of service via crafted mmap calls for /proc pathnames, triggering recursive pagefault handling. Affects kernels prior to 4.6.3; patch released in 4...

CVE-2016-3137

CVE-2016-3137 affects the Linux kernel driver, specifically drivers/usb/serial/cypress_m8.c, with exploitation possible via a USB device lacking interrupt endpoints. The vulnerability allows a NULL pointer dereference leading to a denial of service (system crash) and is fixed in kernel 4.5.1 (and...

CVE-2015-6815

CVE-2015-6815 affects QEMU with e1000 NIC emulation. The process_tx_desc path in hw/net/e1000.c improperly handles transmit descriptor data, enabling a remote attacker within the local network to trigger an infinite loop and guest crash (Denial of Service). This vulnerability is tied to QEMU befo...

CVE-2016-3134

The CVE-2016-3134 issue affects the Linux kernel netfilter/ip_tables.c, where the mark_source_chains() path can process an IPT_SET_REPLACE entry with an unvalidated next_offset. This can lead to out-of-bounds writes that enable local privilege escalation or cause a denial of service (heap memory ...

CVE-2016-4913

The CVE-2016-4913 issue affects the Linux kernel (fs/isofs/rock.c) and concerns get_rock_ridge_filename mishandling of NM (alternate name) entries containing a NUL character. A local attacker mounting a crafted isofs filesystem could read kernel memory due to this information leak. The vulnerabil...

CVE-2016-2184

CVE-2016-2184 affects the Linux kernel snd-usb-audio driver (pre-4.5.1). The vulnerability stems from create_fixed_stream_quirk in sound/usb/quirks.c, which allows a physically proximate attacker to trigger a denial of service via a crafted endpoints value in a USB device descriptor. Consequences...

CVE-2016-2847

CVE-2016-2847 affects the Linux kernel, where fs/pipe.c does not cap unread data in pipes, enabling local users to cause memory exhaustion and a denial of service. The description and connected sources confirm the vulnerability lies in the per-user pipe data handling and that the risk is local Do...

CVE-2016-3156

CVE-2016-3156 affects the Linux kernel IPv4 implementation. A use-after-free in the destruction of inet device objects can be exploited by a local attacker (guest OS user) to cause a host networking outage by exhausting rtnl_lock with a large number of IP addresses. Impact is a denial of service ...

CVE-2015-8816

CVE-2015-8816 affects the Linux kernel prior to 4.3.5, where hub_activate in drivers/usb/core/hub.c mishandles hub-interface data. Physically proximate attackers can unplug a USB hub to trigger invalid memory access and a system crash (DoS); impact may be unspecified otherwise. A fixed version ex...

CVE-2016-4485

The CVE-2016-4485 issue affects the Linux kernel (net/llc/af_llc.c): the llc_cmsg_rcv path does not initialize a data structure, enabling a local attacker to read kernel stack memory and obtain sensitive information. Public references in connected documents indicate this vulnerability existed in ...

CVE-2016-4569

CVE-2016-4569 (Linux kernel) : The snd_timer_user_params function in sound/core/timer.c reportedly does not initialize a certain data structure in kernel versions up to 4.6, enabling a local attacker to leak information from kernel stack memory via the ALSA timer interface. This is an information...

CVE-2016-4482

CVE-2016-4482 : The Linux kernel before 4.7 has a flaw in the proc_connectinfo handling. The proc_connectinfo function in drivers/usb/core/devio.c does not initialize a data structure, enabling local users to read sensitive data from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl. T...

CVE-2016-4486

CVE-2016-4486 affects the Linux kernel prior to 4.5.5, where the function rtnetlink.c: rtnl_fill_link_ifmap does not initialize a certain data structure. This allows a local attacker to read kernel stack memory via a crafted Netlink message, leading to information disclosure. Public references (i...

CVE-2015-7566

CVE-2015-7566 affects the Linux kernel driver drivers/usb/serial/visor.c (clie_5_attach). A USB device without a bulk-out endpoint can cause a NULL pointer dereference, leading to a denial of service and potential system crash. The vulnerability is confirmed by Nessus advisories referencing the v...

CVE-2016-2185

CVE-2016-2185 : In the Linux kernel, the ati_remote2_probe function (drivers/input/misc/ati_remote2.c) in versions before 4.5.1 is vulnerable. A physically proximate attacker can trigger a NULL pointer dereference via a crafted USB device descriptor, causing a denial of service (system crash). Th...

CVE-2016-2187

No new technical details are provided in the Connected documents for CVE-2016-2187. The only available information is in the Initial document, describing a Linux kernel denial-of-service via gtco_probe in gtco.c caused by a crafted USB endpoint in a device descriptor.

CVE-2016-3140

CVE-2016-3140 affects the Linux kernel, specifically the digi_port_init function in drivers/usb/serial/digi_acceleport.c. The vulnerability enables physically proximate attackers to trigger a NULL pointer dereference and crash the system by sending a crafted endpoints value in a USB device descri...

CVE-2016-2188

CVE-2016-2188 entry is rejected and not used.

CVE-2016-2186

The CVE-2016-2186 entry concerns the Linux kernel powermate_probe in drivers/input/misc/powermate.c, where kernels prior to 4.5.1 are vulnerable. A physically proximate attacker can trigger a denial of service (NULL pointer dereference and system crash) by sending a crafted endpoints value in a U...

CVE-2016-3138

CVE-2016-3138 : The Linux kernel’s acm_probe in drivers/usb/class/cdc-acm.c is vulnerable before 4.5.1. A USB device with no both a control and a data endpoint descriptor can trigger a NULL pointer dereference, enabling a physically proximate attacker to crash the system. Impact is denial of serv...

CVE-2015-8552

CVE-2015-8552 affects the Xen PCI backend driver. On x86, with Linux 3.1.x–4.3.x as the driver domain, local guest administrators can cause a denial of service by crafting access to a passed-through MSI/MSI-X PCI device and using XEN_PCI_OP_enable_msi, exploiting Linux pciback missing sanity chec...

CVE-2016-3139

CVE-2016-3139 : The Linux kernel before 3.17 is vulnerable in drivers/input/tablet/wacom_sys.c (wacom_probe). A crafted endpoints value in a USB device descriptor can be exploited by a physically proximate attacker to trigger a NULL pointer dereference, causing a denial of service (system crash)....

CVE-2015-1339

CVE-2015-1339 affects the Linux kernel: memory leak in cuse_channel_release (fs/fuse/cuse.c) can be triggered by opening /dev/cuse many times, leading to local denial of service via memory consumption (unbounded memory use). The vulnerability is reported as present in kernel versions before 4.4. ...

CVE-2013-4589

GraphicsMagick (before 1.3.18) is affected by CVE-2013-4589 due to an error in the ExportAlphaQuantumType() function in magick/export.c when exporting the alpha of 8-bit RGBA images, which can allow remote attackers to cause a denial of service (crash). Public references in Mageia and OSV/NVD ent...