Vulnerabilities > Linux > Linux Kernel > 3.18.41

DATE CVE VULNERABILITY TITLE RISK
2016-04-27 CVE-2016-2184 The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
low complexity
linux canonical novell
4.6
2016-04-27 CVE-2016-2143 Improper Input Validation vulnerability in multiple products
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.
local
low complexity
linux debian redhat oracle CWE-20
7.8
2016-04-27 CVE-2016-2085 Data Processing Errors vulnerability in Linux Kernel
The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.
local
low complexity
linux CWE-19
5.5
2016-04-27 CVE-2016-2069 Race Condition vulnerability in multiple products
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
local
high complexity
canonical linux CWE-362
7.4
2016-04-27 CVE-2015-8845 Improper Access Control vulnerability in multiple products
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
local
low complexity
linux suse novell CWE-284
5.5
2016-04-27 CVE-2015-8844 Improper Input Validation vulnerability in Linux Kernel
The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
local
low complexity
linux CWE-20
5.5
2016-04-27 CVE-2015-7515 NULL Pointer Dereference vulnerability in Linux Kernel
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
low complexity
linux CWE-476
4.6
2016-04-27 CVE-2015-1339 Resource Management Errors vulnerability in multiple products
Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.
local
low complexity
linux novell CWE-399
6.2
2016-03-12 CVE-2016-0823 Information Exposure vulnerability in multiple products
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
local
low complexity
google linux CWE-200
4.0
2016-03-12 CVE-2016-0821 Use of Uninitialized Resource vulnerability in multiple products
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
local
low complexity
linux google CWE-908
5.5