Vulnerabilities > Linux > Linux Kernel > 2.0.28

DATE CVE VULNERABILITY TITLE RISK
2016-07-03 CVE-2016-4998 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.
local
low complexity
linux oracle canonical CWE-119
7.1
2016-07-03 CVE-2016-3955 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
network
low complexity
canonical linux debian CWE-119
critical
9.8
2016-06-29 CVE-2016-1237 Improper Access Control vulnerability in Linux Kernel
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.
local
low complexity
linux CWE-284
4.9
2016-06-27 CVE-2016-5829 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
local
low complexity
debian linux novell canonical CWE-119
7.8
2016-06-27 CVE-2016-5728 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
5.4
2016-06-27 CVE-2016-5244 Information Exposure vulnerability in multiple products
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
network
low complexity
fedoraproject suse redhat linux CWE-200
5.0
2016-06-27 CVE-2016-5243 Information Exposure vulnerability in Linux Kernel
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
local
low complexity
linux CWE-200
2.1
2016-06-27 CVE-2016-4470 The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
local
low complexity
oracle linux novell redhat
5.5
2016-06-27 CVE-2016-3713 Improper Access Control vulnerability in Linux Kernel
The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.
local
low complexity
linux CWE-284
5.6
2016-05-23 CVE-2016-4913 Information Exposure vulnerability in multiple products
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
local
low complexity
canonical linux oracle novell CWE-200
7.8