Vulnerabilities > Linux > Linux Kernel > 2.1.63

DATE CVE VULNERABILITY TITLE RISK
2016-11-16 CVE-2016-7911 Use After Free vulnerability in Linux Kernel
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
local
low complexity
linux CWE-416
7.8
2016-11-16 CVE-2016-7910 Use After Free vulnerability in Linux Kernel
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.
local
low complexity
linux CWE-416
7.8
2016-11-16 CVE-2015-8964 Information Exposure vulnerability in Linux Kernel
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
network
linux CWE-200
7.1
2016-11-16 CVE-2015-8963 Use After Free vulnerability in Linux Kernel
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.
local
high complexity
linux CWE-416
7.0
2016-11-16 CVE-2015-8962 Double Free vulnerability in Linux Kernel
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.
local
low complexity
linux CWE-415
7.3
2016-10-16 CVE-2016-8660 Data Processing Errors vulnerability in Linux Kernel
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."
local
low complexity
linux CWE-19
4.9
2016-10-16 CVE-2016-8658 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.
local
low complexity
linux CWE-119
5.6
2016-10-16 CVE-2016-7097 Improper Authorization vulnerability in Linux Kernel
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
local
low complexity
linux CWE-285
4.4
2016-10-16 CVE-2016-7042 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.
local
low complexity
linux CWE-119
4.9
2016-10-16 CVE-2016-6828 Use After Free vulnerability in Linux Kernel
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
local
low complexity
linux CWE-416
5.5