CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2016-4565 264 DoS 2016-05-23 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
402 CVE-2016-4557 DoS +Priv 2016-05-23 2017-09-02
7.2
None Local Low Not required Complete Complete Complete
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.
403 CVE-2016-4440 264 DoS Exec Code 2016-06-27 2016-06-27
7.2
None Local Low Not required Complete Complete Complete
arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.
404 CVE-2016-3955 119 DoS Overflow 2016-07-03 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
405 CVE-2016-3841 416 DoS +Priv 2016-08-06 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
406 CVE-2016-3135 189 DoS Overflow +Priv Mem. Corr. 2016-04-27 2017-09-07
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
407 CVE-2016-3134 119 DoS Overflow +Priv Mem. Corr. 2016-04-27 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
408 CVE-2016-2070 189 DoS 2016-05-02 2016-05-05
7.8
None Remote Low Not required None None Complete
The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.
409 CVE-2016-2068 119 DoS Overflow +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.
410 CVE-2016-2067 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.
411 CVE-2016-2066 119 DoS Overflow +Priv Mem. Corr. 2016-06-12 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call.
412 CVE-2016-2065 787 DoS Mem. Corr. 2016-08-07 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.
413 CVE-2016-2064 125 DoS 2016-08-07 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands.
414 CVE-2016-2063 119 DoS Overflow 2016-08-07 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface.
415 CVE-2016-2062 20 DoS Overflow 2016-05-05 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.
416 CVE-2016-2061 264 DoS Overflow +Priv Mem. Corr. 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.
417 CVE-2016-2059 362 DoS +Priv 2016-05-05 2016-11-30
7.2
None Local Low Not required Complete Complete Complete
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.
418 CVE-2016-1583 119 DoS Overflow +Priv 2016-06-27 2018-12-06
7.2
None Local Low Not required Complete Complete Complete
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
419 CVE-2016-1576 264 +Priv 2016-05-02 2016-05-06
7.2
None Local Low Not required Complete Complete Complete
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
420 CVE-2016-1575 264 +Priv 2016-05-02 2017-05-08
7.2
None Local Low Not required Complete Complete Complete
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
421 CVE-2016-0758 Overflow +Priv 2016-06-27 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
422 CVE-2016-0728 DoS Overflow +Priv 2016-02-07 2017-11-09
7.2
None Local Low Not required Complete Complete Complete
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
423 CVE-2015-9289 119 Overflow 2019-07-27 2019-07-31
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.
424 CVE-2015-9004 264 +Priv 2017-05-02 2017-05-12
9.3
None Remote Medium Not required Complete Complete Complete
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
425 CVE-2015-8967 264 +Priv Bypass 2016-12-08 2016-12-09
9.3
None Remote Medium Not required Complete Complete Complete
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
426 CVE-2015-8966 264 +Priv 2016-12-08 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.
427 CVE-2015-8964 200 +Info 2016-11-16 2016-11-28
7.1
None Remote Medium Not required Complete None None
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
428 CVE-2015-8963 416 DoS +Priv 2016-11-16 2016-11-28
7.6
None Remote High Not required Complete Complete Complete
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.
429 CVE-2015-8962 415 DoS +Priv Mem. Corr. 2016-11-16 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.
430 CVE-2015-8961 416 DoS +Priv 2016-11-16 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.
431 CVE-2015-8830 DoS Overflow 2016-05-02 2018-10-31
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.
432 CVE-2015-8816 DoS 2016-04-27 2016-12-02
7.2
None Local Low Not required Complete Complete Complete
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.
433 CVE-2015-8812 DoS Exec Code 2016-04-27 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
434 CVE-2015-8787 DoS 2016-02-07 2016-12-05
10.0
None Remote Low Not required Complete Complete Complete
The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.
435 CVE-2015-8660 264 Bypass 2015-12-28 2017-09-09
7.2
None Local Low Not required Complete Complete Complete
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
436 CVE-2015-8539 264 DoS +Priv 2016-02-07 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
437 CVE-2015-8019 20 DoS Mem. Corr. 2016-05-02 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.
438 CVE-2015-5738 200 +Info 2016-07-26 2017-09-02
7.8
None Remote Low Not required Complete None None
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
439 CVE-2015-5364 399 DoS 2015-08-31 2018-01-04
7.8
None Remote Low Not required None None Complete
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.
440 CVE-2015-5157 264 +Priv 2015-08-31 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
441 CVE-2015-4036 119 DoS Overflow Mem. Corr. 2015-08-31 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.
442 CVE-2015-4004 119 DoS Overflow +Info 2015-06-07 2016-11-28
8.5
None Remote Low Not required Partial None Complete
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
443 CVE-2015-4003 189 DoS 2015-06-07 2016-12-27
7.8
None Remote Low Not required None None Complete
The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
444 CVE-2015-4002 119 DoS Exec Code Overflow 2015-06-07 2016-12-27
9.0
None Remote Low Not required Partial Partial Complete
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
445 CVE-2015-4001 189 DoS Exec Code 2015-06-07 2016-12-27
9.0
None Remote Low Not required Partial Partial Complete
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
446 CVE-2015-3331 119 DoS Exec Code Overflow 2015-05-27 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
447 CVE-2015-3290 264 +Priv 2015-08-31 2017-09-16
7.2
None Local Low Not required Complete Complete Complete
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
448 CVE-2015-3288 20 DoS +Priv 2016-10-16 2017-01-06
7.2
None Local Low Not required Complete Complete Complete
mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.
449 CVE-2015-2686 264 +Priv 2016-05-02 2016-06-27
7.2
None Local Low Not required Complete Complete Complete
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.
450 CVE-2015-1805 17 DoS +Priv 2015-08-08 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
Total number of vulnerabilities : 768   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.