Vulnerabilities > Linux > Linux Kernel > 2.6.16.13

DATE CVE VULNERABILITY TITLE RISK
2016-05-02 CVE-2015-4170 Race Condition vulnerability in Linux Kernel
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
4.7
2016-05-02 CVE-2015-2672 Improper Input Validation vulnerability in Linux Kernel
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.
local
low complexity
linux CWE-20
4.9
2016-05-02 CVE-2015-1573 Data Processing Errors vulnerability in Linux Kernel
The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.
local
low complexity
linux CWE-19
4.9
2016-05-02 CVE-2014-9717 Improper Access Control vulnerability in Linux Kernel
fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
local
low complexity
linux CWE-284
3.6
2016-05-02 CVE-2012-6701 Integer Overflow or Wraparound vulnerability in Linux Kernel
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.
local
low complexity
linux CWE-190
7.8
2016-05-02 CVE-2012-6689 Improper Access Control vulnerability in Linux Kernel
The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.
local
low complexity
linux CWE-284
7.8
2016-05-02 CVE-2011-5321 Unspecified vulnerability in Linux Kernel
The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory.
local
low complexity
linux
4.9
2016-05-02 CVE-2008-7316 Improper Input Validation vulnerability in Linux Kernel
mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length.
local
low complexity
linux CWE-20
2.1
2016-04-27 CVE-2016-3672 7PK - Security Features vulnerability in multiple products
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
local
low complexity
canonical novell linux CWE-254
7.8
2016-04-27 CVE-2016-3156 Resource Management Errors vulnerability in multiple products
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
local
low complexity
novell canonical linux CWE-399
5.5