Vulnerabilities > Linux

DATE CVE VULNERABILITY TITLE RISK
2016-06-27 CVE-2016-5829 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
local
low complexity
debian linux novell canonical CWE-119
7.8
2016-06-27 CVE-2016-5828 Improper Input Validation vulnerability in multiple products
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
local
low complexity
linux novell debian canonical CWE-20
7.8
2016-06-27 CVE-2016-5728 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
local
high complexity
debian linux CWE-119
6.3
2016-06-27 CVE-2016-5244 Information Exposure vulnerability in multiple products
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
network
low complexity
fedoraproject suse redhat linux CWE-200
7.5
2016-06-27 CVE-2016-5243 Information Exposure vulnerability in Linux Kernel
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
local
low complexity
linux CWE-200
5.5
2016-06-27 CVE-2016-4470 The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
local
low complexity
oracle linux novell redhat
5.5
2016-06-27 CVE-2016-4440 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.
local
low complexity
linux CWE-264
7.8
2016-06-27 CVE-2016-3713 Improper Access Control vulnerability in Linux Kernel
The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.
local
low complexity
linux CWE-284
7.1
2016-06-27 CVE-2016-3707 Improper Access Control vulnerability in multiple products
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
network
high complexity
linux redhat novell CWE-284
8.1
2016-06-27 CVE-2016-1583 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
local
low complexity
linux novell canonical debian CWE-119
7.8