Vulnerabilities > Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-02 | CVE-2015-1350 | Files or Directories Accessible to External Parties vulnerability in multiple products The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | 5.5 |
| 2016-05-02 | CVE-2014-9717 | Improper Access Control vulnerability in Linux Kernel fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. | 6.1 |
| 2016-05-02 | CVE-2011-5321 | Unspecified vulnerability in Linux Kernel The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory. | 5.5 |
| 2016-05-02 | CVE-2008-7316 | Improper Input Validation vulnerability in Linux Kernel mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. | 5.5 |
| 2016-04-27 | CVE-2016-3156 | Resource Management Errors vulnerability in multiple products The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. | 5.5 |
| 2016-04-27 | CVE-2016-3139 | The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | 4.6 |
| 2016-04-27 | CVE-2016-2847 | Resource Management Errors vulnerability in multiple products fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. | 6.2 |
| 2016-04-27 | CVE-2016-2782 | NULL Pointer Dereference vulnerability in multiple products The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. | 4.6 |
| 2016-04-27 | CVE-2016-2550 | Resource Management Errors vulnerability in Linux Kernel The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. | 5.5 |
| 2016-04-27 | CVE-2016-2549 | Improper Input Validation vulnerability in Linux Kernel sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. | 6.2 |