Vulnerabilities > Linux > Linux Kernel > 4.1.41
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-06 | CVE-2016-5412 | Resource Management Errors vulnerability in Linux Kernel arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. | 6.5 |
2016-08-06 | CVE-2016-5400 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. | 4.9 |
2016-08-06 | CVE-2016-3070 | NULL Pointer Dereference vulnerability in multiple products The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. | 7.8 |
2016-08-06 | CVE-2015-8944 | Information Exposure vulnerability in multiple products The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. | 4.3 |
2016-08-06 | CVE-2014-9900 | Information Exposure vulnerability in multiple products The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754. | 4.3 |
2016-08-06 | CVE-2014-9892 | Information Exposure vulnerability in multiple products The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717. | 4.3 |
2016-07-03 | CVE-2016-6130 | Race Condition vulnerability in multiple products Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. | 1.9 |
2016-07-03 | CVE-2016-4998 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. | 7.1 |
2016-06-29 | CVE-2016-1237 | Improper Access Control vulnerability in Linux Kernel nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. | 4.9 |
2016-06-27 | CVE-2016-5728 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. | 5.4 |