Vulnerabilities > Linux > Linux Kernel > 4.3.0

DATE CVE VULNERABILITY TITLE RISK
2015-12-28 CVE-2015-8543 Unspecified vulnerability in Linux Kernel
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
local
high complexity
linux
7.0
2015-12-28 CVE-2015-8374 Information Exposure vulnerability in Linux Kernel
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
local
low complexity
linux CWE-200
2.1
2015-12-28 CVE-2015-7990 Race Condition vulnerability in Linux Kernel
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.
local
linux CWE-362
5.9
2015-12-28 CVE-2015-7885 Information Exposure vulnerability in Linux Kernel
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
local
low complexity
linux CWE-200
2.1
2015-12-28 CVE-2015-7884 Information Exposure vulnerability in Linux Kernel
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
local
linux CWE-200
1.9
2015-12-28 CVE-2013-7446 Unspecified vulnerability in Linux Kernel
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
local
high complexity
linux
5.3
2015-11-16 CVE-2015-7312 Use After Free vulnerability in multiple products
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.
4.4
2014-06-07 CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
local
low complexity
linux redhat suse opensuse canonical oracle
7.8