Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2016-06-27	CVE-2014-9903	Information Exposure vulnerability in Linux Kernel 3.14 The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call. local low complexity linux CWE-200	5.5
2016-05-23	CVE-2016-4581	fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. local low complexity canonical linux oracle	5.5
2016-05-23	CVE-2016-4578	Information Exposure vulnerability in multiple products sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. local low complexity linux canonical debian redhat opensuse CWE-200	5.5
2016-05-23	CVE-2016-4569	Information Exposure vulnerability in multiple products The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. local low complexity linux canonical novell CWE-200	5.5
2016-05-23	CVE-2016-4482	Information Exposure vulnerability in multiple products The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. local low complexity canonical linux novell fedoraproject CWE-200	6.2
2016-05-02	CVE-2016-3951	Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. low complexity canonical novell suse linux	4.6
2016-05-02	CVE-2016-3689	The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. low complexity novell linux canonical	4.6
2016-05-02	CVE-2016-3140	The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. low complexity canonical linux novell	4.6
2016-05-02	CVE-2016-3138	The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. low complexity linux canonical novell	4.6
2016-05-02	CVE-2016-3137	drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. low complexity novell canonical linux	4.6