12.0

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-23	CVE-2016-4805	Use After Free vulnerability in multiple products Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. local low complexity novell redhat canonical linux oracle CWE-416	7.8
2016-05-23	CVE-2016-4569	Information Exposure vulnerability in multiple products The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. local low complexity linux canonical novell CWE-200	5.5
2016-05-23	CVE-2016-4486	Information Exposure vulnerability in multiple products The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. local low complexity novell canonical linux CWE-200	3.3
2016-05-23	CVE-2016-4482	Information Exposure vulnerability in multiple products The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. local low complexity canonical linux novell fedoraproject CWE-200	6.2
2016-05-02	CVE-2016-3951	Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. low complexity canonical novell suse linux	4.6
2016-05-02	CVE-2016-3689	The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. low complexity novell linux canonical	4.6
2016-05-02	CVE-2016-3140	The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. low complexity canonical linux novell	4.6
2016-05-02	CVE-2016-3138	The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. low complexity linux canonical novell	4.6
2016-05-02	CVE-2016-3137	drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. low complexity novell canonical linux	4.6
2016-05-02	CVE-2016-3136	The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. low complexity linux novell canonical	4.6