Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In October 2016 (Memory corruption)
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
Max CVSS
10.0
EPSS Score
3.81%
Published
2016-10-10
Updated
2023-01-19
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.
Max CVSS
6.2
EPSS Score
0.12%
Published
2016-10-16
Updated
2018-01-05
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-10-16
Updated
2023-02-12
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.
Max CVSS
5.5
EPSS Score
0.04%
Published
2016-10-16
Updated
2023-02-12
drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow.
Max CVSS
9.8
EPSS Score
0.45%
Published
2016-10-10
Updated
2020-08-03
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
Max CVSS
6.1
EPSS Score
0.04%
Published
2016-10-10
Updated
2018-01-05
6 vulnerabilities found