Vulnerabilities > Linux > Linux Kernel > 3.18.32
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-28 | CVE-2015-7990 | Race Condition vulnerability in Linux Kernel Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. | 5.9 |
| 2015-12-28 | CVE-2015-7885 | Information Exposure vulnerability in Linux Kernel The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 2.1 |
| 2015-12-28 | CVE-2015-7884 | Information Exposure vulnerability in Linux Kernel The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 1.9 |
| 2015-12-28 | CVE-2013-7446 | Unspecified vulnerability in Linux Kernel Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. | 5.3 |
| 2015-11-16 | CVE-2015-8215 | Improper Input Validation vulnerability in Linux Kernel net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. | 5.0 |
| 2015-11-16 | CVE-2015-7312 | Use After Free vulnerability in multiple products Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. | 4.4 |
| 2015-11-16 | CVE-2015-2925 | 7PK - Security Features vulnerability in Linux Kernel The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." | 6.9 |
| 2015-10-19 | CVE-2015-7799 | Local Denial of Service vulnerability in Google Android 'PPP Character Device Driver' The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. | 4.9 |
| 2015-10-19 | CVE-2015-7613 | Race Condition vulnerability in Linux Kernel Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. | 6.9 |
| 2015-10-19 | CVE-2015-6937 | Null Pointer Deference Denial of Service vulnerability in Linux Kernel The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. | 4.9 |