Vulnerabilities > Linux

DATE CVE VULNERABILITY TITLE RISK
2017-01-12 CVE-2016-6758 Improper Access Control vulnerability in Linux Kernel 3.10/3.18
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process.
local
low complexity
linux CWE-284
7.8
2017-01-12 CVE-2016-6757 Information Exposure vulnerability in Linux Kernel 3.10/3.18
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.
local
high complexity
linux CWE-200
4.7
2017-01-12 CVE-2016-6756 Information Exposure vulnerability in Linux Kernel 3.10/3.18
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.
local
high complexity
linux CWE-200
4.7
2017-01-12 CVE-2016-6755 Improper Access Control vulnerability in Linux Kernel 3.10/3.18
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux CWE-284
7.0
2017-01-05 CVE-2016-9754 Integer Overflow or Wraparound vulnerability in Linux Kernel
The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.
local
low complexity
linux CWE-190
7.8
2016-12-30 CVE-2016-10088 Use After Free vulnerability in Linux Kernel
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.
local
high complexity
linux CWE-416
7.0
2016-12-28 CVE-2016-9806 Double Free vulnerability in Linux Kernel
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
local
low complexity
linux CWE-415
7.8
2016-12-28 CVE-2016-9794 Use After Free vulnerability in Linux Kernel
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
local
low complexity
linux CWE-416
7.8
2016-12-28 CVE-2016-9793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
local
low complexity
linux CWE-119
7.8
2016-12-28 CVE-2016-9777 Out-of-bounds Read vulnerability in Linux Kernel
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.
local
high complexity
linux CWE-125
7.8