Vulnerabilities > Linux > Linux Kernel > 3.10.108
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-11-28 | CVE-2016-8630 | NULL Pointer Dereference vulnerability in Linux Kernel The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. | 5.5 |
2016-11-28 | CVE-2015-8970 | NULL Pointer Dereference vulnerability in Linux Kernel crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. | 5.5 |
2016-11-16 | CVE-2015-8963 | Use After Free vulnerability in Linux Kernel Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. | 7.0 |
2016-11-16 | CVE-2015-8961 | Use After Free vulnerability in Linux Kernel The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. | 7.8 |
2016-10-16 | CVE-2016-7097 | Improper Authorization vulnerability in Linux Kernel The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. | 4.4 |
2016-10-16 | CVE-2016-6828 | Use After Free vulnerability in Linux Kernel The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. | 5.5 |
2016-10-16 | CVE-2016-6327 | NULL Pointer Dereference vulnerability in Linux Kernel drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. | 5.5 |
2016-08-07 | CVE-2014-9410 | Improper Input Validation vulnerability in Linux Kernel The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. | 7.2 |
2016-08-06 | CVE-2016-5696 | Information Exposure vulnerability in multiple products net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. | 5.8 |
2016-08-06 | CVE-2016-5412 | Resource Management Errors vulnerability in Linux Kernel arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. | 6.5 |