30 Linux Kernel CVEs in November 2016
Full month · Source: NIST NVD
In November 2016, 30 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 1 was rated Critical, 16 were rated High severity and 13 Medium. CVE-2016-5195 was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. November's 30 CVEs represent 13% of all 2016 Linux kernel CVEs, up from October's 19 (a 58% month-over-month increase).
Actively Exploited CVEs — November 2016
1 CVE in CISA KEV

CVE-2016-5195 is the only Linux kernel CVE from November 2016 confirmed as actively exploited in the wild. It carries a CVSS score of 7.0 (High severity) and is listed in the CISA Known Exploited Vulnerabilities catalog.
| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2016-5195 | High (KEV) | 7.0 | 2016-11-10 | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to g… |

| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2016-9555 | linux | Critical | 9.8 | 2016-11-28 | The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for t… | |
| CVE-2016-9084 | linux | High | 7.8 | 2016-11-28 | drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local u… | |
| CVE-2016-9644 | linux | High | 7.8 | 2016-11-28 | The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extend… | |
| CVE-2016-9083 | linux | High | 7.8 | 2016-11-28 | drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, an… | |
| CVE-2016-8632 | linux | High | 7.8 | 2016-11-28 | The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship bet… | |
| CVE-2015-1328 | linux | High | 7.8 | 2016-11-28 | The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does n… | |
| CVE-2016-9313 | linux | High | 7.8 | 2016-11-28 | security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction wit… | |
| CVE-2016-7911 | linux | High | 7.8 | 2016-11-16 | Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to… | |
| CVE-2016-7913 | linux | High | 7.8 | 2016-11-16 | The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users… | |
| CVE-2016-7912 | linux | High | 7.8 | 2016-11-16 | Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux ke… | |
| CVE-2015-8961 | linux | High | 7.8 | 2016-11-16 | The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain pri… | |
| CVE-2016-7910 | linux | High | 7.8 | 2016-11-16 | Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows lo… | |
| CVE-2016-7382 | linux | High | 7.8 | 2016-11-08 | For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kern… | |
| CVE-2016-7389 | linux | High | 7.8 | 2016-11-08 | For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 b… | |
| CVE-2015-8962 | linux | High | 7.3 | 2016-11-16 | Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows lo… |