22 matches found
CVE-2016-1583
CVE-2016-1583 affects the Linux kernel: ecryptfs_privileged_open (fs/ecryptfs/kthread.c) allows a local attacker to gain privileges or cause a denial of service via crafted mmap calls for /proc pathnames, triggering recursive pagefault handling. Affects kernels prior to 4.6.3; patch released in 4...
CVE-2016-3672
CVE-2016-3672 affects the Linux kernel before 4.5.3 where arch_pick_mmap_layout in arch/x86/mm/mmap.c fails to properly randomize the legacy base address. This defeats ADDR_NO_RANDOMIZE protections and can bypass ASLR for setuid/setgid programs by disabling stack-consumption resource limits. Affe...
CVE-2016-3137
CVE-2016-3137 affects the Linux kernel driver, specifically drivers/usb/serial/cypress_m8.c, with exploitation possible via a USB device lacking interrupt endpoints. The vulnerability allows a NULL pointer dereference leading to a denial of service (system crash) and is fixed in kernel 4.5.1 (and...
CVE-2016-4997
CVE-2016-4997 affects the Linux kernel netfilter IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE handling in 32/64-bit compatibility paths prior to 4.6.3, enabling local privilege escalation or memory-corruption-based denial of service when a crafted offset is supplied via in-container root access. Ex...
CVE-2016-3134
The CVE-2016-3134 issue affects the Linux kernel netfilter/ip_tables.c, where the mark_source_chains() path can process an IPT_SET_REPLACE entry with an unvalidated next_offset. This can lead to out-of-bounds writes that enable local privilege escalation or cause a denial of service (heap memory ...
CVE-2016-2184
CVE-2016-2184 affects the Linux kernel snd-usb-audio driver (pre-4.5.1). The vulnerability stems from create_fixed_stream_quirk in sound/usb/quirks.c, which allows a physically proximate attacker to trigger a denial of service via a crafted endpoints value in a USB device descriptor. Consequences...
CVE-2016-2847
CVE-2016-2847 affects the Linux kernel, where fs/pipe.c does not cap unread data in pipes, enabling local users to cause memory exhaustion and a denial of service. The description and connected sources confirm the vulnerability lies in the per-user pipe data handling and that the risk is local Do...
CVE-2016-3156
CVE-2016-3156 affects the Linux kernel IPv4 implementation. A use-after-free in the destruction of inet device objects can be exploited by a local attacker (guest OS user) to cause a host networking outage by exhausting rtnl_lock with a large number of IP addresses. Impact is a denial of service ...
CVE-2015-8816
CVE-2015-8816 affects the Linux kernel prior to 4.3.5, where hub_activate in drivers/usb/core/hub.c mishandles hub-interface data. Physically proximate attackers can unplug a USB hub to trigger invalid memory access and a system crash (DoS); impact may be unspecified otherwise. A fixed version ex...
CVE-2016-4569
CVE-2016-4569 (Linux kernel) : The snd_timer_user_params function in sound/core/timer.c reportedly does not initialize a certain data structure in kernel versions up to 4.6, enabling a local attacker to leak information from kernel stack memory via the ALSA timer interface. This is an information...
CVE-2016-4482
CVE-2016-4482 : The Linux kernel before 4.7 has a flaw in the proc_connectinfo handling. The proc_connectinfo function in drivers/usb/core/devio.c does not initialize a data structure, enabling local users to read sensitive data from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl. T...
CVE-2016-4486
CVE-2016-4486 affects the Linux kernel prior to 4.5.5, where the function rtnetlink.c: rtnl_fill_link_ifmap does not initialize a certain data structure. This allows a local attacker to read kernel stack memory via a crafted Netlink message, leading to information disclosure. Public references (i...
CVE-2016-2185
CVE-2016-2185 : In the Linux kernel, the ati_remote2_probe function (drivers/input/misc/ati_remote2.c) in versions before 4.5.1 is vulnerable. A physically proximate attacker can trigger a NULL pointer dereference via a crafted USB device descriptor, causing a denial of service (system crash). Th...
CVE-2016-3140
CVE-2016-3140 affects the Linux kernel, specifically the digi_port_init function in drivers/usb/serial/digi_acceleport.c. The vulnerability enables physically proximate attackers to trigger a NULL pointer dereference and crash the system by sending a crafted endpoints value in a USB device descri...
CVE-2016-4805
CVE-2016-4805 describes a use-after-free in the Linux kernel’s drivers/net/ppp/ppp_generic.c before 4.5.2. The flaw allows local attackers to trigger memory corruption and potential DoS (system crash) by removing a network namespace, related to ppp_register_net_channel and ppp_unregister_channel....
CVE-2016-2188
CVE-2016-2188 entry is rejected and not used.
CVE-2016-2186
The CVE-2016-2186 entry concerns the Linux kernel powermate_probe in drivers/input/misc/powermate.c, where kernels prior to 4.5.1 are vulnerable. A physically proximate attacker can trigger a denial of service (NULL pointer dereference and system crash) by sending a crafted endpoints value in a U...
CVE-2016-3689
CVE-2016-3689 affects the Linux kernel: the ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c is exploitable via a USB device with no master/slave interfaces, allowing a physically proximate attacker to trigger a denial of service (system crash). A patch is available in kernel 4.5.1...
CVE-2016-3138
CVE-2016-3138 : The Linux kernel’s acm_probe in drivers/usb/class/cdc-acm.c is vulnerable before 4.5.1. A USB device with no both a control and a data endpoint descriptor can trigger a NULL pointer dereference, enabling a physically proximate attacker to crash the system. Impact is denial of serv...
CVE-2016-3951
CVE-2016-3951 concerns a double-free in Linux kernel drivers/net/usb/cdc_ncm.c, exploitable when a USB device with an invalid descriptor is inserted. Affected: Linux kernel pre-4.5; impact: denial of service (system crash) and potential unspecified effects. The linked Unity security advisories co...
CVE-2016-3136
CVE-2016-3136 affects the Linux kernel up to version 4.5.0, where the mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c can be triggered by a crafted USB device without two interrupt-in endpoint descriptors. This allows physically proximate attackers to cause a denial of service (NU...
CVE-2016-3139
CVE-2016-3139 : The Linux kernel before 3.17 is vulnerable in drivers/input/tablet/wacom_sys.c (wacom_probe). A crafted endpoints value in a USB device descriptor can be exploited by a physically proximate attacker to trigger a NULL pointer dereference, causing a denial of service (system crash)....