Vulnerabilities > Linux > Linux Kernel > 4.3.4

DATE CVE VULNERABILITY TITLE RISK
2016-04-27 CVE-2016-2069 Race Condition vulnerability in multiple products
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
4.4
2016-04-27 CVE-2015-8845 Improper Access Control vulnerability in Linux Kernel
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
local
low complexity
linux suse novell CWE-284
4.9
2016-04-27 CVE-2015-8844 Improper Input Validation vulnerability in Linux Kernel
The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
local
linux CWE-20
4.7
2016-04-27 CVE-2015-8816 The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.
low complexity
novell linux suse
6.8
2016-04-27 CVE-2015-8812 drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
network
low complexity
novell linux canonical
critical
9.8
2016-04-27 CVE-2015-7515 NULL Pointer Dereference vulnerability in Linux Kernel
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
local
low complexity
linux CWE-476
4.9
2016-04-27 CVE-2015-1339 Resource Management Errors vulnerability in Linux Kernel
Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.
local
low complexity
linux novell CWE-399
4.9
2016-04-13 CVE-2015-8551 NULL Pointer Dereference vulnerability in multiple products
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."
4.7
2016-02-08 CVE-2016-0723 Local Race Condition vulnerability in Linux Kernel
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
local
low complexity
linux
5.6
2016-02-08 CVE-2015-8787 NULL Pointer Dereference vulnerability in Linux Kernel
The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.
network
low complexity
linux CWE-476
critical
9.8