Vulnerabilities > Linux > Linux Kernel > 3.18.80

DATE CVE VULNERABILITY TITLE RISK
2016-02-08 CVE-2015-8575 Information Exposure vulnerability in Linux Kernel
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
local
low complexity
linux CWE-200
4.0
2016-02-08 CVE-2015-8539 Improper Privilege Management vulnerability in multiple products
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
local
low complexity
canonical suse linux CWE-269
7.2
2016-02-08 CVE-2015-7513 Divide By Zero vulnerability in multiple products
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.
local
low complexity
linux debian fedoraproject canonical CWE-369
4.9
2016-02-08 CVE-2013-4312 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
local
low complexity
oracle linux CWE-119
6.2
2015-12-28 CVE-2015-8569 Information Exposure vulnerability in Linux Kernel
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
local
low complexity
linux CWE-200
2.3
2015-12-28 CVE-2013-7446 Unspecified vulnerability in Linux Kernel
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
local
high complexity
linux
5.3
2014-06-07 CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
local
low complexity
linux redhat suse opensuse canonical oracle
7.8