Vulnerabilities > Linux > Linux Kernel > 3.4.67

DATE CVE VULNERABILITY TITLE RISK
2016-08-06 CVE-2016-3841 Use After Free vulnerability in multiple products
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
local
low complexity
google linux CWE-416
7.3
2016-08-06 CVE-2016-3070 NULL Pointer Dereference vulnerability in multiple products
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
local
low complexity
debian linux CWE-476
7.8
2016-08-06 CVE-2015-8944 Information Exposure vulnerability in multiple products
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116.
network
google linux CWE-200
4.3
2016-08-06 CVE-2014-9900 Information Exposure vulnerability in multiple products
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
network
google linux CWE-200
4.3
2016-08-06 CVE-2014-9895 Information Exposure vulnerability in multiple products
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.
network
google linux CWE-200
4.3
2016-08-06 CVE-2014-9892 Information Exposure vulnerability in multiple products
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.
network
google linux CWE-200
4.3
2016-08-06 CVE-2014-9888 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.
local
low complexity
linux google CWE-264
7.2
2016-08-06 CVE-2014-9870 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.
network
google linux CWE-264
critical
9.3
2016-07-11 CVE-2016-2068 Integer Overflow or Wraparound vulnerability in multiple products
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.
network
google linux CWE-190
6.8
2016-07-11 CVE-2016-2067 Improper Privilege Management vulnerability in multiple products
drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.
network
google linux CWE-269
critical
9.3