Vulnerabilities > Linux > Linux Kernel > 3.4.97

DATE CVE VULNERABILITY TITLE RISK
2016-08-06 CVE-2016-3070 NULL Pointer Dereference vulnerability in multiple products
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
local
low complexity
debian linux CWE-476
7.8
2016-08-06 CVE-2015-8944 Information Exposure vulnerability in multiple products
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116.
local
low complexity
linux google CWE-200
5.5
2016-08-06 CVE-2014-9900 Information Exposure vulnerability in multiple products
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
local
low complexity
linux google CWE-200
5.5
2016-08-06 CVE-2014-9895 Information Exposure vulnerability in multiple products
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.
local
low complexity
linux google CWE-200
5.5
2016-08-06 CVE-2014-9892 Information Exposure vulnerability in multiple products
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.
local
low complexity
linux google CWE-200
5.5
2016-08-06 CVE-2014-9888 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.
local
low complexity
linux CWE-264
7.8
2016-08-06 CVE-2014-9870 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.
local
low complexity
linux google CWE-264
7.8
2016-07-11 CVE-2016-2068 Integer Overflow or Wraparound vulnerability in multiple products
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.
local
low complexity
google linux CWE-190
7.8
2016-07-11 CVE-2016-2067 Improper Privilege Management vulnerability in multiple products
drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.
local
low complexity
google linux CWE-269
7.8
2016-07-03 CVE-2016-6130 Race Condition vulnerability in multiple products
Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.
local
high complexity
debian linux CWE-362
4.7