| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-10088 |
416 |
|
DoS |
2016-12-30 |
2018-01-04 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. |
|
2 |
CVE-2016-9919 |
20 |
|
DoS |
2016-12-08 |
2016-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. |
|
3 |
CVE-2016-9806 |
415 |
|
DoS |
2016-12-28 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. |
|
4 |
CVE-2016-9794 |
416 |
|
DoS |
2016-12-28 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. |
|
5 |
CVE-2016-9793 |
119 |
|
DoS Overflow Mem. Corr. |
2016-12-28 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. |
|
6 |
CVE-2016-9777 |
125 |
|
DoS +Priv |
2016-12-28 |
2016-12-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. |
|
7 |
CVE-2016-9756 |
200 |
|
+Info |
2016-12-28 |
2017-01-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
8 |
CVE-2016-9755 |
787 |
|
DoS Overflow |
2016-12-28 |
2016-12-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. |
|
9 |
CVE-2016-9685 |
400 |
|
DoS |
2016-12-28 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. |
|
10 |
CVE-2016-9644 |
264 |
|
|
2016-11-27 |
2017-01-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. |
|
11 |
CVE-2016-9588 |
388 |
|
DoS |
2016-12-28 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. |
|
12 |
CVE-2016-9576 |
416 |
|
DoS |
2016-12-28 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. |
|
13 |
CVE-2016-9555 |
125 |
|
DoS |
2016-11-27 |
2018-01-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. |
|
14 |
CVE-2016-9313 |
476 |
|
DoS |
2016-11-27 |
2016-11-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. |
|
15 |
CVE-2016-9191 |
20 |
|
DoS |
2016-11-27 |
2017-11-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. |
|
16 |
CVE-2016-9178 |
200 |
|
+Info |
2016-11-27 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. |
|
17 |
CVE-2016-9120 |
416 |
|
DoS +Priv |
2016-12-08 |
2016-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. |
|
18 |
CVE-2016-9084 |
190 |
|
DoS Overflow |
2016-11-27 |
2018-01-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. |
|
19 |
CVE-2016-9083 |
190 |
|
DoS Overflow Mem. Corr. Bypass |
2016-11-27 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." |
|
20 |
CVE-2016-8666 |
400 |
|
DoS |
2016-10-16 |
2018-01-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. |
|
21 |
CVE-2016-8660 |
19 |
|
DoS |
2016-10-16 |
2016-11-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." |
|
22 |
CVE-2016-8658 |
119 |
|
DoS Overflow |
2016-10-16 |
2017-01-06 |
5.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Complete |
|
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. |
|
23 |
CVE-2016-8655 |
416 |
|
DoS +Priv |
2016-12-08 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. |
|
24 |
CVE-2016-8650 |
20 |
|
DoS Mem. Corr. |
2016-11-27 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. |
|
25 |
CVE-2016-8646 |
476 |
|
DoS |
2016-11-27 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. |
|
26 |
CVE-2016-8645 |
284 |
|
DoS |
2016-11-27 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. |
|
27 |
CVE-2016-8633 |
119 |
|
Exec Code Overflow |
2016-11-27 |
2016-11-28 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. |
|
28 |
CVE-2016-8632 |
119 |
|
DoS Overflow +Priv |
2016-11-27 |
2016-11-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. |
|
29 |
CVE-2016-8630 |
284 |
|
DoS |
2016-11-27 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. |
|
30 |
CVE-2016-7917 |
125 |
|
DoS +Info |
2016-11-16 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. |
|
31 |
CVE-2016-7916 |
362 |
|
+Info |
2016-11-16 |
2017-01-17 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. |
|
32 |
CVE-2016-7915 |
125 |
|
DoS +Info |
2016-11-16 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. |
|
33 |
CVE-2016-7914 |
125 |
|
DoS +Info |
2016-11-16 |
2018-01-04 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. |
|
34 |
CVE-2016-7913 |
416 |
|
DoS +Priv |
2016-11-16 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. |
|
35 |
CVE-2016-7912 |
416 |
|
+Priv |
2016-11-16 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. |
|
36 |
CVE-2016-7911 |
416 |
|
DoS +Priv |
2016-11-16 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. |
|
37 |
CVE-2016-7910 |
416 |
|
+Priv |
2016-11-16 |
2018-01-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. |
|
38 |
CVE-2016-7425 |
119 |
|
DoS Overflow +Priv |
2016-10-16 |
2017-01-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. |
|
39 |
CVE-2016-7117 |
19 |
|
Exec Code |
2016-10-10 |
2018-01-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. |
|
40 |
CVE-2016-7097 |
285 |
|
+Priv |
2016-10-16 |
2018-01-04 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. |
|
41 |
CVE-2016-7042 |
119 |
|
DoS Overflow Mem. Corr. |
2016-10-16 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. |
|
42 |
CVE-2016-7039 |
399 |
|
DoS |
2016-10-16 |
2018-01-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666. |
|
43 |
CVE-2016-6828 |
416 |
|
DoS |
2016-10-16 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. |
|
44 |
CVE-2016-6787 |
264 |
|
+Priv |
2016-12-28 |
2017-11-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. |
|
45 |
CVE-2016-6786 |
264 |
|
+Priv |
2016-12-28 |
2017-11-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. |
|
46 |
CVE-2016-6516 |
119 |
|
DoS Overflow +Priv |
2016-08-06 |
2016-11-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability. |
|
47 |
CVE-2016-6480 |
362 |
|
DoS |
2016-08-06 |
2018-01-04 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. |
|
48 |
CVE-2016-6327 |
476 |
|
DoS |
2016-10-16 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. |
|
49 |
CVE-2016-6213 |
400 |
|
DoS |
2016-12-28 |
2018-01-04 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. |
|
50 |
CVE-2016-6198 |
284 |
|
DoS |
2016-08-06 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. |
