Vulnerabilities > Linux > Linux Kernel > 3.9.1

DATE CVE VULNERABILITY TITLE RISK
2016-06-13 CVE-2016-2061 Improper Privilege Management vulnerability in Linux Kernel
Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.
local
low complexity
linux CWE-269
7.8
2016-05-23 CVE-2016-4913 Information Exposure vulnerability in multiple products
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
local
low complexity
canonical linux oracle novell CWE-200
7.8
2016-05-23 CVE-2016-4805 Use After Free vulnerability in multiple products
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
local
low complexity
novell redhat canonical linux oracle CWE-416
7.8
2016-05-23 CVE-2016-4581 fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.
local
low complexity
canonical linux oracle
5.5
2016-05-23 CVE-2016-4580 Information Exposure vulnerability in multiple products
The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.
network
low complexity
linux canonical CWE-200
7.5
2016-05-23 CVE-2016-4578 Information Exposure vulnerability in multiple products
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
local
low complexity
linux canonical debian redhat opensuse CWE-200
5.5
2016-05-23 CVE-2016-4569 Information Exposure vulnerability in multiple products
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
local
low complexity
linux canonical novell CWE-200
5.5
2016-05-23 CVE-2016-4565 Permissions, Privileges, and Access Controls vulnerability in multiple products
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
local
low complexity
linux canonical debian CWE-264
7.8
2016-05-23 CVE-2016-4486 Information Exposure vulnerability in multiple products
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
local
low complexity
novell canonical linux CWE-200
3.3
2016-05-23 CVE-2016-4485 Information Exposure vulnerability in multiple products
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
network
low complexity
novell canonical linux CWE-200
7.5