Vulnerabilities > Linux > Linux Kernel > 2.1.63

DATE CVE VULNERABILITY TITLE RISK
2016-05-02 CVE-2015-4176 Information Exposure vulnerability in Linux Kernel
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.
local
low complexity
linux CWE-200
2.1
2016-05-02 CVE-2015-4170 Race Condition vulnerability in Linux Kernel
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
4.7
2016-05-02 CVE-2015-2672 Improper Input Validation vulnerability in Linux Kernel
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.
local
low complexity
linux CWE-20
4.9
2016-05-02 CVE-2015-1573 Data Processing Errors vulnerability in Linux Kernel
The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.
local
low complexity
linux CWE-19
4.9
2016-05-02 CVE-2014-9717 Improper Access Control vulnerability in Linux Kernel
fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
local
low complexity
linux CWE-284
3.6
2016-05-02 CVE-2012-6701 Integer Overflow or Wraparound vulnerability in Linux Kernel
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.
local
low complexity
linux CWE-190
7.8
2016-05-02 CVE-2012-6689 Improper Access Control vulnerability in Linux Kernel
The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.
local
low complexity
linux CWE-284
7.8
2016-05-02 CVE-2011-5321 Unspecified vulnerability in Linux Kernel
The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory.
local
low complexity
linux
4.9
2016-05-02 CVE-2008-7316 Improper Input Validation vulnerability in Linux Kernel
mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length.
local
low complexity
linux CWE-20
2.1
2016-05-02 CVE-2003-1604 Null Pointer Deference Denial of Service vulnerability in Linux Kernel
The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.
network
low complexity
linux
7.8