Vulnerabilities > Linux > Linux Kernel > 4.3.3

DATE CVE VULNERABILITY TITLE RISK
2016-12-30 CVE-2016-10088 Use After Free vulnerability in Linux Kernel
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.
local
high complexity
linux CWE-416
7.0
2016-12-28 CVE-2016-9806 Double Free vulnerability in Linux Kernel
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
local
low complexity
linux CWE-415
7.8
2016-12-28 CVE-2016-9794 Use After Free vulnerability in Linux Kernel
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
local
low complexity
linux CWE-416
7.8
2016-12-28 CVE-2016-9793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
local
low complexity
linux CWE-119
7.8
2016-12-28 CVE-2016-9756 Information Exposure vulnerability in Linux Kernel
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
local
low complexity
linux CWE-200
2.1
2016-12-28 CVE-2016-9755 Out-of-bounds Write vulnerability in Linux Kernel
The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.
local
low complexity
linux CWE-787
7.8
2016-12-28 CVE-2016-9685 Resource Exhaustion vulnerability in Linux Kernel
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
local
low complexity
linux CWE-400
4.9
2016-12-28 CVE-2016-9588 7PK - Errors vulnerability in Linux Kernel
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
local
low complexity
linux CWE-388
5.5
2016-12-28 CVE-2016-9576 Use After Free vulnerability in Linux Kernel
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
local
low complexity
linux CWE-416
7.8
2016-12-28 CVE-2016-6213 Resource Exhaustion vulnerability in Linux Kernel
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
local
linux CWE-400
4.7