Skip to main content
CVE-2016-3134 HIGH POC This Week

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Buffer Overflow Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo +7
NVD GitHub Exploit-DB
CVSS 3.0
8.4
EPSS
0.0%
CVE-2016-3135 HIGH POC This Week

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-3672 HIGH POC PATCH This Week

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Ubuntu Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +6
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2384 MEDIUM POC PATCH This Month

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Suse Linux Enterprise Real Time Extension
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
9.0%
CVE-2015-8812 CRITICAL PATCH Act Now

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Linux Suse Linux Enterprise Real Time Extension Linux Kernel +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2015-7515 MEDIUM POC PATCH This Month

The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference Linux Kernel
NVD Exploit-DB GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2016-2782 MEDIUM POC PATCH This Month

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Linux Enterprise Debuginfo +6
NVD GitHub Exploit-DB
CVSS 3.1
4.6
EPSS
0.5%
CVE-2016-3139 MEDIUM POC This Month

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +6
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-2184 MEDIUM POC PATCH This Month

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Suse Linux Enterprise Software Development Kit +7
NVD Exploit-DB GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-2143 HIGH PATCH This Week

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-2069 HIGH PATCH This Week

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. Rated high severity (CVSS 7.4), this vulnerability is no authentication required.

Information Disclosure Race Condition Linux Ubuntu Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.4
EPSS
0.1%
CVE-2015-8816 MEDIUM PATCH This Month

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +8
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2016-0774 MEDIUM This Month

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Debian Denial Of Service Red Hat Linux Linux Kernel +1
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-2548 MEDIUM PATCH This Month

sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-2847 MEDIUM PATCH This Month

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo +6
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-2549 MEDIUM This Month

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-2543 MEDIUM PATCH This Month

The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.2
EPSS
0.0%
CVE-2015-1339 MEDIUM PATCH This Month

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Suse Linux Enterprise Debuginfo Suse Linux Enterprise Real Time Extension
NVD GitHub
CVSS 3.0
6.2
EPSS
0.0%
CVE-2016-2383 MEDIUM PATCH This Month

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-2085 MEDIUM PATCH This Month

The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8845 MEDIUM PATCH This Month

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Authentication Bypass Linux Kernel Suse Linux Enterprise Live Patching +6
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8844 MEDIUM This Month

The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-2550 MEDIUM PATCH This Month

The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-3156 MEDIUM PATCH This Month

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +7
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-2547 MEDIUM PATCH This Month

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition,. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-2545 MEDIUM PATCH This Month

The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-2546 MEDIUM PATCH This Month

sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-2544 MEDIUM PATCH This Month

Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy