33 matches found
CVE-2016-3672
CVE-2016-3672 affects the Linux kernel before 4.5.3 where arch_pick_mmap_layout in arch/x86/mm/mmap.c fails to properly randomize the legacy base address. This defeats ADDR_NO_RANDOMIZE protections and can bypass ASLR for setuid/setgid programs by disabling stack-consumption resource limits. Affe...
CVE-2016-3137
CVE-2016-3137 affects the Linux kernel driver, specifically drivers/usb/serial/cypress_m8.c, with exploitation possible via a USB device lacking interrupt endpoints. The vulnerability allows a NULL pointer dereference leading to a denial of service (system crash) and is fixed in kernel 4.5.1 (and...
CVE-2016-4997
CVE-2016-4997 affects the Linux kernel netfilter IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE handling in 32/64-bit compatibility paths prior to 4.6.3, enabling local privilege escalation or memory-corruption-based denial of service when a crafted offset is supplied via in-container root access. Ex...
CVE-2016-3134
The CVE-2016-3134 issue affects the Linux kernel netfilter/ip_tables.c, where the mark_source_chains() path can process an IPT_SET_REPLACE entry with an unvalidated next_offset. This can lead to out-of-bounds writes that enable local privilege escalation or cause a denial of service (heap memory ...
CVE-2016-2384
The CVE-2016-2384 issue affects the Linux kernel (snd_usbmidi_create in sound/usb/midi.c) prior to 4.5, caused by a double-free when handling an invalid USB descriptor. This can enable physically proximate attackers to trigger a denial of service (panic) or potentially other unspecified impacts. ...
CVE-2015-8812
CVE-2015-8812 affects the Linux kernel CXGB3 driver; a use-after-free in drivers/infiniband/hw/cxgb3/iwch_cm.c can be triggered by crafted packets to remotely execute code or cause a denial of service. Impact is a remote-code execution/DoS via network traffic with the vulnerability labeled as hig...
CVE-2016-4470
CVE-2016-4470 affects the Linux kernel keyring handling: in key_reject_and_link() an uninitialized pointer may be dereferenced after an error, enabling a local attacker to trigger a denial of service (system crash) via crafted keyctl request2. Connected advisories confirm this is a kernel issue w...
CVE-2016-5829
CVE-2016-5829 is a Linux kernel vulnerability in the hiddev driver (hiddev_ioctl_usage in drivers/hid/usbhid/hiddev.c) that allows a local user to trigger heap-based buffer overflows by sending crafted ioctls (HIDIOCGUSAGES or HIDIOCSUSAGES). Affected kernels are up to 4.6.3 (through 4.6.3). The ...
CVE-2016-2184
CVE-2016-2184 affects the Linux kernel snd-usb-audio driver (pre-4.5.1). The vulnerability stems from create_fixed_stream_quirk in sound/usb/quirks.c, which allows a physically proximate attacker to trigger a denial of service via a crafted endpoints value in a USB device descriptor. Consequences...
CVE-2015-8550
CVE-2015-8550 is reported in Xen as a double-fetch vulnerability affecting systems using PV backends. The issue arises when memory is shared between the Xen frontend and backend, enabling local guest OS administrators to either crash the host OS (DoS) or gain privileges. The description consisten...
CVE-2016-2847
CVE-2016-2847 affects the Linux kernel, where fs/pipe.c does not cap unread data in pipes, enabling local users to cause memory exhaustion and a denial of service. The description and connected sources confirm the vulnerability lies in the per-user pipe data handling and that the risk is local Do...
CVE-2015-7833
CVE-2015-7833 : The usbvision driver in the Linux kernel is affected. In Red Hat Enterprise Linux 7.1, kernel packages from 3.10.0-123.20.1.el7 up to 3.10.0-229.14.1.el7 are vulnerable. A physically proximate attacker can cause a denial of service (panic) by presenting a USB device descriptor wit...
CVE-2016-3156
CVE-2016-3156 affects the Linux kernel IPv4 implementation. A use-after-free in the destruction of inet device objects can be exploited by a local attacker (guest OS user) to cause a host networking outage by exhausting rtnl_lock with a large number of IP addresses. Impact is a denial of service ...
CVE-2015-8816
CVE-2015-8816 affects the Linux kernel prior to 4.3.5, where hub_activate in drivers/usb/core/hub.c mishandles hub-interface data. Physically proximate attackers can unplug a USB hub to trigger invalid memory access and a system crash (DoS); impact may be unspecified otherwise. A fixed version ex...
CVE-2016-4569
CVE-2016-4569 (Linux kernel) : The snd_timer_user_params function in sound/core/timer.c reportedly does not initialize a certain data structure in kernel versions up to 4.6, enabling a local attacker to leak information from kernel stack memory via the ALSA timer interface. This is an information...
CVE-2016-4482
CVE-2016-4482 : The Linux kernel before 4.7 has a flaw in the proc_connectinfo handling. The proc_connectinfo function in drivers/usb/core/devio.c does not initialize a data structure, enabling local users to read sensitive data from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl. T...
CVE-2016-4486
CVE-2016-4486 affects the Linux kernel prior to 4.5.5, where the function rtnetlink.c: rtnl_fill_link_ifmap does not initialize a certain data structure. This allows a local attacker to read kernel stack memory via a crafted Netlink message, leading to information disclosure. Public references (i...
CVE-2015-7566
CVE-2015-7566 affects the Linux kernel driver drivers/usb/serial/visor.c (clie_5_attach). A USB device without a bulk-out endpoint can cause a NULL pointer dereference, leading to a denial of service and potential system crash. The vulnerability is confirmed by Nessus advisories referencing the v...
CVE-2016-5828
CVE-2016-5828 affects the Linux kernel on powerpc platforms (up to 4.6.3). The start_thread function mishandles transactional memory, allowing local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) by starting and suspending a transaction befo...
CVE-2016-2185
CVE-2016-2185 : In the Linux kernel, the ati_remote2_probe function (drivers/input/misc/ati_remote2.c) in versions before 4.5.1 is vulnerable. A physically proximate attacker can trigger a NULL pointer dereference via a crafted USB device descriptor, causing a denial of service (system crash). Th...
CVE-2016-3140
CVE-2016-3140 affects the Linux kernel, specifically the digi_port_init function in drivers/usb/serial/digi_acceleport.c. The vulnerability enables physically proximate attackers to trigger a NULL pointer dereference and crash the system by sending a crafted endpoints value in a USB device descri...
CVE-2016-4805
CVE-2016-4805 describes a use-after-free in the Linux kernel’s drivers/net/ppp/ppp_generic.c before 4.5.2. The flaw allows local attackers to trigger memory corruption and potential DoS (system crash) by removing a network namespace, related to ppp_register_net_channel and ppp_unregister_channel....
CVE-2016-2188
CVE-2016-2188 entry is rejected and not used.
CVE-2016-2186
The CVE-2016-2186 entry concerns the Linux kernel powermate_probe in drivers/input/misc/powermate.c, where kernels prior to 4.5.1 are vulnerable. A physically proximate attacker can trigger a denial of service (NULL pointer dereference and system crash) by sending a crafted endpoints value in a U...
CVE-2016-3689
CVE-2016-3689 affects the Linux kernel: the ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c is exploitable via a USB device with no master/slave interfaces, allowing a physically proximate attacker to trigger a denial of service (system crash). A patch is available in kernel 4.5.1...
CVE-2016-3138
CVE-2016-3138 : The Linux kernel’s acm_probe in drivers/usb/class/cdc-acm.c is vulnerable before 4.5.1. A USB device with no both a control and a data endpoint descriptor can trigger a NULL pointer dereference, enabling a physically proximate attacker to crash the system. Impact is denial of serv...
CVE-2016-3951
CVE-2016-3951 concerns a double-free in Linux kernel drivers/net/usb/cdc_ncm.c, exploitable when a USB device with an invalid descriptor is inserted. Affected: Linux kernel pre-4.5; impact: denial of service (system crash) and potential unspecified effects. The linked Unity security advisories co...
CVE-2016-3136
CVE-2016-3136 affects the Linux kernel up to version 4.5.0, where the mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c can be triggered by a crafted USB device without two interrupt-in endpoint descriptors. This allows physically proximate attackers to cause a denial of service (NU...
CVE-2015-8552
CVE-2015-8552 affects the Xen PCI backend driver. On x86, with Linux 3.1.x–4.3.x as the driver domain, local guest administrators can cause a denial of service by crafting access to a passed-through MSI/MSI-X PCI device and using XEN_PCI_OP_enable_msi, exploiting Linux pciback missing sanity chec...
CVE-2014-9904
CVE-2014-9904 affects the Linux kernel ALSA subsystem: snd_compress_check_input in sound/core/compress_offload.c before 3.17 fails to check for an integer overflow. This can allow local users to cause a denial of service (insufficient memory allocation) or other unspecified impact via a crafted S...
CVE-2016-3139
CVE-2016-3139 : The Linux kernel before 3.17 is vulnerable in drivers/input/tablet/wacom_sys.c (wacom_probe). A crafted endpoints value in a USB device descriptor can be exploited by a physically proximate attacker to trigger a NULL pointer dereference, causing a denial of service (system crash)....
CVE-2016-3707
CVE-2016-3707 affects the Linux kernel realtime patches (kernel.org patches/rt) used in kernel-rt builds, notably Red Hat Enterprise Linux for Real Time 7. The vulnerability exists in icmp_check_sysrq in net/ipv4/icmp.c, allowing remote attackers to execute SysRq commands via crafted ICMP Echo Re...
CVE-2015-1339
CVE-2015-1339 affects the Linux kernel: memory leak in cuse_channel_release (fs/fuse/cuse.c) can be triggered by opening /dev/cuse many times, leading to local denial of service via memory consumption (unbounded memory use). The vulnerability is reported as present in kernel versions before 4.4. ...