Vulnerabilities > Linux > Linux Kernel > 3.18.58

DATE CVE VULNERABILITY TITLE RISK
2016-11-28 CVE-2015-1328 Permissions, Privileges, and Access Controls vulnerability in multiple products
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
local
low complexity
canonical linux CWE-264
7.2
2016-11-16 CVE-2016-7917 Information Exposure vulnerability in Linux Kernel
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.
network
linux CWE-200
4.3
2016-11-16 CVE-2016-7916 Race Condition vulnerability in Linux Kernel
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.
local
linux CWE-362
4.7
2016-11-16 CVE-2016-7915 Out-of-bounds Read vulnerability in Linux Kernel
The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.
network
linux CWE-125
4.3
2016-11-16 CVE-2016-7914 NULL Pointer Dereference vulnerability in Linux Kernel
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.
network
linux CWE-476
7.1
2016-11-16 CVE-2016-7912 Use After Free vulnerability in Linux Kernel
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.
local
low complexity
linux CWE-416
7.8
2016-11-16 CVE-2015-8964 Information Exposure vulnerability in Linux Kernel
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
network
linux CWE-200
7.1
2016-10-16 CVE-2016-8660 Data Processing Errors vulnerability in Linux Kernel
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."
local
low complexity
linux CWE-19
4.9
2016-10-16 CVE-2016-8658 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.
local
low complexity
linux CWE-119
5.6
2016-10-16 CVE-2016-7097 Improper Authorization vulnerability in Linux Kernel
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
local
low complexity
linux CWE-285
4.4