Vulnerabilities > Linux > Linux Kernel > 2.6.16.33
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-02 | CVE-2015-4176 | Information Exposure vulnerability in Linux Kernel fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. | 5.5 |
2016-05-02 | CVE-2015-4170 | Race Condition vulnerability in multiple products Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. | 4.7 |
2016-05-02 | CVE-2015-2672 | Improper Input Validation vulnerability in Linux Kernel The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. | 5.5 |
2016-05-02 | CVE-2015-1573 | Data Processing Errors vulnerability in Linux Kernel The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. | 5.5 |
2016-05-02 | CVE-2014-9717 | Improper Access Control vulnerability in Linux Kernel fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. | 6.1 |
2016-05-02 | CVE-2012-6701 | Integer Overflow or Wraparound vulnerability in Linux Kernel Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. | 7.8 |
2016-05-02 | CVE-2012-6689 | Improper Access Control vulnerability in Linux Kernel The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. | 7.8 |
2016-05-02 | CVE-2011-5321 | Unspecified vulnerability in Linux Kernel The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory. | 5.5 |
2016-05-02 | CVE-2008-7316 | Improper Input Validation vulnerability in Linux Kernel mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. | 5.5 |
2016-04-27 | CVE-2016-3672 | 7PK - Security Features vulnerability in multiple products The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. | 7.8 |