| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-0435 |
787 |
|
Overflow |
2022-03-25 |
2023-02-14 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. |
|
2 |
CVE-2019-19816 |
787 |
|
|
2019-12-17 |
2023-01-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. |
|
3 |
CVE-2019-19814 |
787 |
|
|
2019-12-17 |
2020-01-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. |
|
4 |
CVE-2019-15926 |
125 |
|
|
2019-09-04 |
2023-01-19 |
9.4 |
None |
Remote |
Low |
Not required |
Complete |
None |
Complete |
|
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. |
|
5 |
CVE-2019-15505 |
125 |
|
|
2019-08-23 |
2022-11-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). |
|
6 |
CVE-2019-15504 |
415 |
|
|
2019-08-23 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). |
|
7 |
CVE-2019-15292 |
416 |
|
|
2019-08-21 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. |
|
8 |
CVE-2019-14901 |
400 |
|
DoS Exec Code Overflow |
2019-11-29 |
2023-02-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. |
|
9 |
CVE-2019-14896 |
122 |
|
DoS Exec Code Overflow |
2019-11-27 |
2023-02-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. |
|
10 |
CVE-2019-11815 |
362 |
|
|
2019-05-08 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. |
|
11 |
CVE-2019-11683 |
787 |
|
DoS Mem. Corr. |
2019-05-02 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. |
|
12 |
CVE-2019-10220 |
22 |
|
Dir. Trav. |
2019-11-27 |
2022-11-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. |
|
13 |
CVE-2019-10125 |
416 |
|
|
2019-03-27 |
2021-06-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. |
|
14 |
CVE-2018-20961 |
415 |
|
DoS |
2019-08-07 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. |
|
15 |
CVE-2018-20836 |
362 |
|
|
2019-05-07 |
2022-11-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. |
|
16 |
CVE-2018-12714 |
787 |
|
DoS |
2018-06-24 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls. |
|
17 |
CVE-2018-5703 |
787 |
|
DoS |
2018-01-16 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. |
|
18 |
CVE-2017-18017 |
416 |
|
DoS Mem. Corr. |
2018-01-03 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. |
|
19 |
CVE-2017-15126 |
119 |
|
Overflow |
2018-01-14 |
2023-02-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put(). |
|
20 |
CVE-2017-13715 |
665 |
|
DoS Exec Code |
2017-08-29 |
2023-01-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. |
|
21 |
CVE-2017-12762 |
119 |
|
Overflow |
2017-08-09 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree. |
|
22 |
CVE-2017-7895 |
119 |
|
Overflow |
2017-04-28 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. |
|
23 |
CVE-2017-6264 |
125 |
|
Exec Code |
2017-11-14 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264. |
|
24 |
CVE-2017-0648 |
|
|
Exec Code |
2017-06-14 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220. |
|
25 |
CVE-2017-0564 |
|
|
Exec Code |
2017-04-07 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203. |
|
26 |
CVE-2017-0563 |
345 |
|
Exec Code |
2017-04-07 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. |
|
27 |
CVE-2017-0561 |
787 |
|
Exec Code |
2017-04-07 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. |
|
28 |
CVE-2017-0528 |
|
|
Exec Code Bypass |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-33351919. |
|
29 |
CVE-2017-0510 |
|
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555. |
|
30 |
CVE-2017-0508 |
|
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449. |
|
31 |
CVE-2017-0507 |
|
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382. |
|
32 |
CVE-2017-0455 |
200 |
|
Exec Code Bypass +Info |
2017-03-08 |
2017-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755. |
|
33 |
CVE-2017-0430 |
|
|
Exec Code |
2017-02-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459. |
|
34 |
CVE-2017-0429 |
787 |
|
Exec Code |
2017-02-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429. |
|
35 |
CVE-2017-0428 |
416 |
|
Exec Code |
2017-02-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428. |
|
36 |
CVE-2017-0427 |
|
|
Exec Code |
2017-02-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866. |
|
37 |
CVE-2017-0338 |
|
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33057977. References: N-CVE-2017-0338. |
|
38 |
CVE-2017-0337 |
|
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-31992762. References: N-CVE-2017-0337. |
|
39 |
CVE-2017-0335 |
|
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33043375. References: N-CVE-2017-0335. |
|
40 |
CVE-2017-0333 |
|
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33899363. References: N-CVE-2017-0333. |
|
41 |
CVE-2017-0331 |
367 |
|
Exec Code |
2017-05-02 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. |
|
42 |
CVE-2017-0307 |
190 |
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33177895. References: N-CVE-2017-0307. |
|
43 |
CVE-2017-0306 |
120 |
|
Exec Code |
2017-03-08 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-34132950. References: N-CVE-2017-0306. |
|
44 |
CVE-2016-10277 |
264 |
|
Exec Code |
2017-05-12 |
2017-09-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. |
|
45 |
CVE-2016-10229 |
358 |
|
Exec Code |
2017-04-04 |
2022-11-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. |
|
46 |
CVE-2016-10150 |
264 |
|
DoS +Priv |
2017-02-06 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. |
|
47 |
CVE-2016-9644 |
264 |
|
|
2016-11-28 |
2017-01-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. |
|
48 |
CVE-2016-9555 |
125 |
|
DoS |
2016-11-28 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. |
|
49 |
CVE-2016-9313 |
476 |
|
DoS |
2016-11-28 |
2022-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. |
|
50 |
CVE-2016-9120 |
264 |
|
DoS +Priv |
2016-12-08 |
2023-01-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. |
