Vulnerabilities > Linux > Linux Kernel > 3.10.108
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-28 | CVE-2016-9755 | Out-of-bounds Write vulnerability in Linux Kernel The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. | 7.8 |
| 2016-12-28 | CVE-2016-9588 | 7PK - Errors vulnerability in Linux Kernel arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. | 5.5 |
| 2016-12-28 | CVE-2016-6787 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. | 7.0 |
| 2016-12-28 | CVE-2016-6786 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. | 7.0 |
| 2016-12-08 | CVE-2015-8967 | Permissions, Privileges, and Access Controls vulnerability in multiple products arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. | 7.8 |
| 2016-11-28 | CVE-2016-8650 | Resource Management Errors vulnerability in Linux Kernel The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | 5.5 |
| 2016-11-28 | CVE-2016-8646 | NULL Pointer Dereference vulnerability in Linux Kernel The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. | 5.5 |
| 2016-11-28 | CVE-2016-8645 | Improper Access Control vulnerability in Linux Kernel The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. | 5.5 |
| 2016-11-28 | CVE-2016-8633 | Improper Access Control vulnerability in Linux Kernel drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. | 6.8 |
| 2016-11-28 | CVE-2016-8632 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. | 7.8 |