Linux : Security Vulnerabilities, CVEs, Published In 2016 (Gain Privilege) CVSS score >= 5
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2016-11-28 | Updated: 2023-02-12
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
Max CVSS: 6.8 | EPSS Score: 5.24% | Published: 2016-11-28 | Updated: 2023-02-12
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2016-11-28 | Updated: 2023-02-12
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2016-08-06 | Updated: 2019-12-27
The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.
Max CVSS: 7.1 | EPSS Score: 0.06% | Published: 2016-06-27 | Updated: 2016-06-27
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
Max CVSS: 8.1 | EPSS Score: 2.68% | Published: 2016-06-27 | Updated: 2023-02-12
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2016-06-29 | Updated: 2016-11-28
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2016-04-27 | Updated: 2018-01-05
fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
Max CVSS: 6.1 | EPSS Score: 0.04% | Published: 2016-05-02 | Updated: 2016-08-12
The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2016-05-02 | Updated: 2023-01-20
10 vulnerabilities found