Vulnerabilities > Linux > Linux Kernel > 4.3.3

DATE CVE VULNERABILITY TITLE RISK
2016-10-16 CVE-2016-7039 Resource Management Errors vulnerability in multiple products
The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.
network
low complexity
oracle linux CWE-399
7.5
2016-10-16 CVE-2016-6828 Use After Free vulnerability in Linux Kernel
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
local
low complexity
linux CWE-416
5.5
2016-10-16 CVE-2016-6327 NULL Pointer Dereference vulnerability in Linux Kernel
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.
local
low complexity
linux CWE-476
5.5
2016-10-16 CVE-2015-8952 Data Processing Errors vulnerability in Linux Kernel
The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.
local
low complexity
linux CWE-19
5.5
2016-10-10 CVE-2016-7117 Data Processing Errors vulnerability in multiple products
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
network
low complexity
debian linux canonical CWE-19
critical
9.8
2016-10-10 CVE-2015-8955 Permissions, Privileges, and Access Controls vulnerability in multiple products
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
local
low complexity
linux google CWE-264
7.3
2016-08-06 CVE-2016-6516 Race Condition vulnerability in Linux Kernel
Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.
local
high complexity
linux CWE-362
7.4
2016-08-06 CVE-2016-6480 Race Condition vulnerability in Linux Kernel
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
local
high complexity
linux CWE-362
5.1
2016-08-06 CVE-2016-6198 Improper Access Control vulnerability in multiple products
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.
local
low complexity
linux oracle CWE-284
5.5
2016-08-06 CVE-2016-6197 Improper Input Validation vulnerability in multiple products
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.
local
low complexity
oracle linux CWE-20
5.5