Vulnerabilities > Linux > Linux Kernel > 3.9.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-16 | CVE-2016-7425 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. | 7.8 |
| 2016-10-16 | CVE-2016-7097 | Improper Authorization vulnerability in Linux Kernel The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. | 4.4 |
| 2016-10-16 | CVE-2016-7042 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. | 4.9 |
| 2016-10-16 | CVE-2016-6828 | Use After Free vulnerability in Linux Kernel The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. | 5.5 |
| 2016-10-16 | CVE-2016-6327 | NULL Pointer Dereference vulnerability in Linux Kernel drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. | 5.5 |
| 2016-10-16 | CVE-2015-8953 | Resource Management Errors vulnerability in Linux Kernel fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer. | 4.9 |
| 2016-10-16 | CVE-2015-8952 | Data Processing Errors vulnerability in Linux Kernel The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. | 2.1 |
| 2016-10-10 | CVE-2016-7117 | Data Processing Errors vulnerability in multiple products Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | 9.8 |
| 2016-10-10 | CVE-2016-5343 | Classic Buffer Overflow vulnerability in Linux Kernel drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow. | 7.5 |
| 2016-10-10 | CVE-2015-8956 | NULL Pointer Dereference vulnerability in Linux Kernel The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. | 3.6 |