Linux : Security Vulnerabilities, CVEs, Published In 2015 (Information Leak) CVSS score >= 2

CVE-2015-8569

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2017-11-04

CVE-2015-8374

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
Max CVSS
4.0
EPSS Score
0.14%
Published
2015-12-28
Updated
2018-01-05

CVE-2015-7885

The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2016-12-07

CVE-2015-7884

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2016-12-07

CVE-2015-5697

The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-08-31
Updated
2017-09-21
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close