Vulnerabilities > Linux > Linux Kernel > 4.1.38
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-27 | CVE-2016-2085 | Data Processing Errors vulnerability in Linux Kernel The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack. | 2.1 |
| 2016-04-27 | CVE-2016-2069 | Race Condition vulnerability in multiple products Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. | 4.4 |
| 2016-04-27 | CVE-2015-8845 | Improper Access Control vulnerability in Linux Kernel The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | 4.9 |
| 2016-04-27 | CVE-2015-8844 | Improper Input Validation vulnerability in Linux Kernel The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | 4.7 |
| 2016-04-27 | CVE-2015-7515 | NULL Pointer Dereference vulnerability in Linux Kernel The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints. | 4.9 |
| 2016-04-27 | CVE-2015-1339 | Resource Management Errors vulnerability in Linux Kernel Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. | 4.9 |
| 2016-03-12 | CVE-2016-0821 | Use of Uninitialized Resource vulnerability in multiple products The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. | 2.1 |
| 2016-02-08 | CVE-2016-0723 | Local Race Condition vulnerability in Linux Kernel Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. | 5.6 |
| 2016-02-08 | CVE-2015-8785 | Infinite Loop vulnerability in multiple products The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. | 4.9 |
| 2016-02-08 | CVE-2015-8767 | Race Condition vulnerability in Linux Kernel net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | 4.9 |