Vulnerabilities > Linux > Linux Kernel > 2.5.44

DATE CVE VULNERABILITY TITLE RISK
2016-08-06 CVE-2016-5412 Resource Management Errors vulnerability in Linux Kernel
arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.
local
low complexity
linux CWE-399
6.5
2016-08-06 CVE-2016-5400 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations.
low complexity
linux CWE-119
4.3
2016-08-06 CVE-2016-3841 Use After Free vulnerability in multiple products
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
local
low complexity
google linux CWE-416
7.3
2016-08-06 CVE-2016-3070 NULL Pointer Dereference vulnerability in multiple products
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
local
low complexity
debian linux CWE-476
7.8
2016-08-06 CVE-2015-8944 Information Exposure vulnerability in multiple products
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116.
local
low complexity
linux google CWE-200
5.5
2016-08-06 CVE-2014-9900 Information Exposure vulnerability in multiple products
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
local
low complexity
linux google CWE-200
5.5
2016-08-06 CVE-2014-9895 Information Exposure vulnerability in multiple products
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.
local
low complexity
linux google CWE-200
5.5
2016-08-06 CVE-2014-9892 Information Exposure vulnerability in multiple products
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.
local
low complexity
linux google CWE-200
5.5
2016-08-06 CVE-2014-9888 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.
local
low complexity
linux CWE-264
7.8
2016-08-06 CVE-2014-9870 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.
local
low complexity
linux google CWE-264
7.8