Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2016-2847 6.2 MEDIUM EPSS 0.00

Linux Kernel < 4.4.8 - Resource Management Error

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

CWE-399 Apr 27, 2016

CVE-2016-2782 4.6 MEDIUM 1 PoC Analysis EPSS 0.00

Linux Kernel < 4.5.0 - NULL Pointer Dereference

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

CWE-476 Apr 27, 2016

CVE-2016-2550 5.5 MEDIUM EPSS 0.00

Linux Kernel < 4.4.8 - Resource Management Error

The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312.

CWE-399 Apr 27, 2016

CVE-2016-2549 6.2 MEDIUM EPSS 0.00

Linux Kernel < 4.4 - Improper Input Validation

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.

CWE-20 Apr 27, 2016

CVE-2016-2548 6.2 MEDIUM EPSS 0.00

Linux Kernel < 4.4 - Improper Input Validation

sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.

CWE-20 Apr 27, 2016

CVE-2016-2547 5.1 MEDIUM EPSS 0.00

Linux Kernel < 4.4 - Race Condition

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.

CWE-362 Apr 27, 2016

CVE-2016-2546 5.1 MEDIUM EPSS 0.00

Linux Kernel < 4.4 - Race Condition

sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.

CWE-362 Apr 27, 2016

CVE-2016-2545 5.1 MEDIUM EPSS 0.00

Linux Kernel < 4.4 - Race Condition

The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.

CWE-362 Apr 27, 2016

CVE-2016-2544 5.1 MEDIUM EPSS 0.00

Linux Kernel < 4.4 - Race Condition

Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.

CWE-362 Apr 27, 2016

CVE-2016-2543 6.2 MEDIUM EPSS 0.00

Linux Kernel < 4.4 - Denial of Service

The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call.

Apr 27, 2016

CVE-2016-2384 4.6 MEDIUM 2 PoCs Analysis EPSS 0.09

Linux Kernel < 4.4.8 - Denial of Service

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

Apr 27, 2016

CVE-2016-2383 5.5 MEDIUM EPSS 0.00

Linux kernel <4.5 - Info Disclosure

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.

Apr 27, 2016

CVE-2016-2184 4.6 MEDIUM 1 PoC Analysis EPSS 0.00

Linux Kernel < 4.5.0 - Denial of Service

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.

Apr 27, 2016

CVE-2016-2085 5.5 MEDIUM EPSS 0.00

Linux kernel <4.5 - Info Disclosure

The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.

CWE-19 Apr 27, 2016

CVE-2016-0774 6.8 MEDIUM EPSS 0.00

Linux kernel <3.2.73-2+deb7u3 - DoS

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.

CWE-20 Apr 27, 2016

CVE-2015-8845 5.5 MEDIUM EPSS 0.00

Linux Kernel < 4.4 - Improper Access Control

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

CWE-284 Apr 27, 2016

CVE-2015-8844 5.5 MEDIUM EPSS 0.00

Linux Kernel < 4.3.4 - Improper Input Validation

The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

CWE-20 Apr 27, 2016

CVE-2015-8816 6.8 MEDIUM EPSS 0.00

Novell Suse Linux Enterprise Software... - Denial of Service

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

Apr 27, 2016

CVE-2015-7515 4.6 MEDIUM 1 PoC Analysis EPSS 0.01

Linux kernel <4.4 - DoS

The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.

CWE-476 Apr 27, 2016

CVE-2015-1339 6.2 MEDIUM 1 Writeup EPSS 0.00

Linux Kernel <4.4 - DoS

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

CWE-399 Apr 27, 2016

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps