Vulnerabilities > Linux > Linux Kernel > 3.18.41

DATE CVE VULNERABILITY TITLE RISK
2016-03-12 CVE-2016-0823 Information Exposure vulnerability in multiple products
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
local
low complexity
google linux CWE-200
4.0
2016-03-12 CVE-2016-0821 Use of Uninitialized Resource vulnerability in multiple products
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
local
low complexity
linux google CWE-908
5.5
2016-02-08 CVE-2016-0723 Unspecified vulnerability in Linux Kernel
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
local
low complexity
linux
6.8
2016-02-08 CVE-2015-8785 Infinite Loop vulnerability in multiple products
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
local
low complexity
linux suse CWE-835
6.2
2016-02-08 CVE-2015-8767 Race Condition vulnerability in multiple products
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
local
low complexity
linux debian canonical CWE-362
6.2
2016-02-08 CVE-2015-8709 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call.
local
high complexity
linux CWE-264
7.0
2016-02-08 CVE-2015-8575 Information Exposure vulnerability in Linux Kernel
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
local
low complexity
linux CWE-200
4.0
2016-02-08 CVE-2015-8539 Improper Privilege Management vulnerability in multiple products
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
local
low complexity
suse canonical linux CWE-269
7.8
2016-02-08 CVE-2015-7566 The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
low complexity
novell linux
4.6
2016-02-08 CVE-2015-7550 Unspecified vulnerability in Linux Kernel
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.
local
low complexity
linux
5.5