Vulnerabilities > Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-08 | CVE-2016-8477 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-03-08 | CVE-2016-8417 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 3.10/3.18 An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-03-08 | CVE-2016-8416 | Information Exposure vulnerability in Linux Kernel 3.18 An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-03-08 | CVE-2016-8413 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-03-07 | CVE-2017-2636 | Double Free vulnerability in multiple products Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | 7.0 |
| 2017-03-07 | CVE-2016-10200 | Use After Free vulnerability in multiple products Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. | 7.0 |
| 2017-03-03 | CVE-2015-2877 | Information Exposure vulnerability in multiple products Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. | 3.3 |
| 2017-03-01 | CVE-2017-6353 | Double Free vulnerability in Linux Kernel net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. | 5.5 |
| 2017-03-01 | CVE-2017-6348 | Unspecified vulnerability in Linux Kernel The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices. | 5.5 |
| 2017-03-01 | CVE-2017-6347 | Out-of-bounds Read vulnerability in Linux Kernel The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. | 7.8 |