Vulnerabilities > Linux > Linux Kernel > 3.9.1

DATE CVE VULNERABILITY TITLE RISK
2016-11-16 CVE-2016-7911 Use After Free vulnerability in Linux Kernel
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
local
low complexity
linux CWE-416
7.8
2016-11-16 CVE-2016-7910 Use After Free vulnerability in Linux Kernel
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.
local
low complexity
linux CWE-416
7.8
2016-11-16 CVE-2015-8964 Information Exposure vulnerability in Linux Kernel
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
local
low complexity
linux CWE-200
5.5
2016-11-16 CVE-2015-8963 Use After Free vulnerability in Linux Kernel
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.
local
high complexity
linux CWE-416
7.0
2016-11-16 CVE-2015-8962 Double Free vulnerability in Linux Kernel
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.
local
low complexity
linux CWE-415
7.3
2016-11-10 CVE-2016-5195 Race Condition vulnerability in multiple products
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
7.0
2016-10-16 CVE-2016-8660 Data Processing Errors vulnerability in Linux Kernel
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."
local
low complexity
linux CWE-19
5.5
2016-10-16 CVE-2016-8658 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.
local
low complexity
linux CWE-119
6.1
2016-10-16 CVE-2016-7425 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
local
low complexity
linux canonical CWE-119
7.8
2016-10-16 CVE-2016-7097 Improper Authorization vulnerability in Linux Kernel
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
local
low complexity
linux CWE-285
4.4