Lucene search

K
NovellSuse Linux Enterprise Real Time Extension

33 matches found

CVE
CVE
added 2016/04/27 5:59 p.m.314 views

CVE-2016-3672

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a set...

7.8CVSS6.6AI score0.00021EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.302 views

CVE-2016-3137

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port...

4.9CVSS5.3AI score0.00021EPSS
CVE
CVE
added 2016/07/03 9:59 p.m.284 views

CVE-2016-4997

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value...

7.8CVSS7.5AI score0.05575EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.194 views

CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

8.4CVSS6.1AI score0.0007EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.178 views

CVE-2015-8812

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

10CVSS9.4AI score0.07948EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.177 views

CVE-2016-4470

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

5.5CVSS5.8AI score0.00057EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.168 views

CVE-2016-2384

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

4.9CVSS6.9AI score0.08978EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.166 views

CVE-2016-5829

Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.

7.8CVSS7.8AI score0.00053EPSS
CVE
CVE
added 2015/10/19 10:59 a.m.154 views

CVE-2015-7833

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.

4.9CVSS5.2AI score0.00164EPSS
CVE
CVE
added 2016/04/14 2:59 p.m.152 views

CVE-2015-8550

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

8.2CVSS6.4AI score0.15964EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.152 views

CVE-2015-8816

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact...

7.2CVSS7AI score0.00076EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.149 views

CVE-2016-2184

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device desc...

4.9CVSS6.1AI score0.00345EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.145 views

CVE-2016-2847

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

6.2CVSS6.3AI score0.00073EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.143 views

CVE-2016-4482

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

6.2CVSS6AI score0.00044EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.140 views

CVE-2016-3156

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.

5.5CVSS6.6AI score0.00028EPSS
CVE
CVE
added 2016/02/08 3:59 a.m.139 views

CVE-2015-7566

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoin...

4.9CVSS6AI score0.00453EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.136 views

CVE-2016-4486

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

3.3CVSS5.6AI score0.0052EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.132 views

CVE-2016-4805

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net...

7.8CVSS7.7AI score0.00087EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.130 views

CVE-2016-4569

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

5.5CVSS5.8AI score0.004EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.127 views

CVE-2016-2188

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.1AI score0.00428EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.126 views

CVE-2016-2185

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.3AI score0.00048EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.126 views

CVE-2016-3140

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS6.1AI score0.00175EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.124 views

CVE-2016-5828

The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified ot...

7.8CVSS7.5AI score0.00062EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.122 views

CVE-2016-2186

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.9AI score0.00057EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.116 views

CVE-2016-3138

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

4.9CVSS5.2AI score0.00021EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.116 views

CVE-2016-3951

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.

4.9CVSS6.8AI score0.00031EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.115 views

CVE-2016-3689

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

4.9CVSS5AI score0.00062EPSS
CVE
CVE
added 2016/04/13 3:59 p.m.113 views

CVE-2015-8552

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-t...

4.4CVSS4.9AI score0.0019EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.112 views

CVE-2016-3136

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

4.9CVSS5.1AI score0.00202EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.103 views

CVE-2014-9904

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other imp...

7.8CVSS7.4AI score0.00073EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.89 views

CVE-2016-3139

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.68 views

CVE-2016-3707

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Ech...

8.1CVSS7.9AI score0.01874EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.65 views

CVE-2015-1339

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

6.2CVSS6.3AI score0.00032EPSS