Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In February 2016 (Information Leak)
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
Max CVSS
6.8
EPSS Score
0.16%
Published
2016-02-08
Updated
2016-12-06
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
Max CVSS
4.0
EPSS Score
0.11%
Published
2016-02-08
Updated
2017-11-04
2 vulnerabilities found