Vulnerabilities > Linux > Linux Kernel > 2.6.14.4

DATE CVE VULNERABILITY TITLE RISK
2016-05-02 CVE-2016-1576 The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
local
low complexity
canonical linux
7.2
2016-05-02 CVE-2016-1575 Improper Privilege Management vulnerability in multiple products
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
local
low complexity
linux canonical CWE-269
7.2
2016-05-02 CVE-2015-8746 Unspecified vulnerability in Linux Kernel
fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.
network
low complexity
linux
5.0
2016-05-02 CVE-2015-8324 Unspecified vulnerability in Linux Kernel
The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.
low complexity
linux
4.6
2016-05-02 CVE-2015-4178 Unspecified vulnerability in Linux Kernel
The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h.
local
low complexity
linux
4.9
2016-05-02 CVE-2015-4177 Unspecified vulnerability in Linux Kernel
The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call.
local
low complexity
linux
4.9
2016-05-02 CVE-2015-4176 Information Exposure vulnerability in Linux Kernel
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.
local
low complexity
linux CWE-200
2.1
2016-05-02 CVE-2015-4170 Race Condition vulnerability in Linux Kernel
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
4.7
2016-05-02 CVE-2015-2672 Improper Input Validation vulnerability in Linux Kernel
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.
local
low complexity
linux CWE-20
4.9
2016-05-02 CVE-2015-1573 Data Processing Errors vulnerability in Linux Kernel
The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.
local
low complexity
linux CWE-19
4.9