Vulnerabilities > Linux > Linux Kernel > 4.4.124

DATE CVE VULNERABILITY TITLE RISK
2016-04-27 CVE-2016-3134 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
local
low complexity
novell linux CWE-119
8.4
2016-04-27 CVE-2016-2782 NULL Pointer Dereference vulnerability in multiple products
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
local
low complexity
linux suse CWE-476
4.9
2016-04-27 CVE-2016-2383 The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
local
low complexity
linux canonical opensuse
2.1
2016-04-27 CVE-2016-2184 The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
low complexity
linux canonical novell
4.6
2015-11-16 CVE-2015-7312 Use After Free vulnerability in multiple products
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.
4.4
2014-06-07 CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
local
low complexity
linux redhat suse opensuse canonical oracle
7.8