CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2016-9083 190 DoS Overflow Mem. Corr. Bypass 2016-11-27 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."
202 CVE-2016-8666 400 DoS 2016-10-16 2018-01-04
7.8
None Remote Low Not required None None Complete
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
203 CVE-2016-8655 416 DoS +Priv 2016-12-08 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
204 CVE-2016-8636 190 DoS Overflow Mem. Corr. +Info 2017-02-22 2017-02-28
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.
205 CVE-2016-8632 119 DoS Overflow +Priv 2016-11-27 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
206 CVE-2016-8481 264 Exec Code 2017-02-08 2017-07-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000.
207 CVE-2016-8480 264 Exec Code 2017-02-08 2017-07-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186.
208 CVE-2016-8476 264 Exec Code 2017-02-08 2017-07-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940.
209 CVE-2016-8468 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425.
210 CVE-2016-8466 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31822524. References: B-RB#105268.
211 CVE-2016-8465 264 Exec Code 2017-01-12 2017-07-10
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053.
212 CVE-2016-8464 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314.
213 CVE-2016-8463 399 DoS 2017-01-12 2017-01-17
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855.
214 CVE-2016-8458 264 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442.
215 CVE-2016-8457 264 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116.
216 CVE-2016-8456 264 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580.
217 CVE-2016-8454 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32174590. References: B-RB#107142.
218 CVE-2016-8453 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392.
219 CVE-2016-8452 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323.
220 CVE-2016-8451 264 Exec Code 2017-01-12 2017-01-18
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033.
221 CVE-2016-8450 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388.
222 CVE-2016-8449 264 Exec Code 2017-01-12 2017-10-18
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449.
223 CVE-2016-8444 284 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310.
224 CVE-2016-8443 285 2017-01-12 2017-01-23
7.2
None Local Low Not required Complete Complete Complete
Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185.
225 CVE-2016-8442 20 2017-01-12 2017-01-23
7.2
None Local Low Not required Complete Complete Complete
Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173.
226 CVE-2016-8441 119 Overflow 2017-01-12 2017-01-23
7.2
None Local Low Not required Complete Complete Complete
Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769.
227 CVE-2016-8421 264 Exec Code 2017-02-08 2017-07-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797.
228 CVE-2016-8420 264 Exec Code 2017-02-08 2017-07-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807.
229 CVE-2016-8419 264 Exec Code 2017-02-08 2017-07-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209.
230 CVE-2016-8417 264 Exec Code 2017-03-07 2017-07-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824.
231 CVE-2016-8415 284 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596.
232 CVE-2016-8412 284 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891.
233 CVE-2016-8399 284 Exec Code 2017-01-12 2018-01-04
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.
234 CVE-2016-8395 DoS 2017-01-12 2017-10-18
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395.
235 CVE-2016-8394 284 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197.
236 CVE-2016-8393 284 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920.
237 CVE-2016-8392 284 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136.
238 CVE-2016-8391 284 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166.
239 CVE-2016-7914 125 DoS +Info 2016-11-16 2018-01-04
7.1
None Remote Medium Not required Complete None None
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.
240 CVE-2016-7425 119 DoS Overflow +Priv 2016-10-16 2017-01-06
7.2
None Local Low Not required Complete Complete Complete
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
241 CVE-2016-7039 399 DoS 2016-10-16 2018-01-04
7.8
None Remote Low Not required None None Complete
The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.
242 CVE-2016-6791 284 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809.
243 CVE-2016-6780 284 Exec Code 2017-01-12 2017-01-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496.
244 CVE-2016-6779 284 Exec Code 2017-01-12 2017-01-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004.
245 CVE-2016-6778 284 Exec Code 2017-01-12 2017-01-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646.
246 CVE-2016-6755 284 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916.
247 CVE-2016-6187 119 Overflow +Priv 2016-08-06 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.
248 CVE-2016-5856 264 +Priv 2017-04-12 2017-04-19
7.6
None Remote High Not required Complete Complete Complete
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.
249 CVE-2016-5829 119 DoS Overflow 2016-06-27 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
250 CVE-2016-5828 20 DoS 2016-06-27 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
Total number of vulnerabilities : 569   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.