CVE-2016-2550

MEDIUM Year: 2016
CVSS v3 Score
5.5
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-399
View all →

Vulnerability Description

The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312.

Related Vulnerabilities

CVE-2010-5329

MEDIUM
CVSS:5.5(Medium)

The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which mig...

CWE-3992010

CVE-2011-2479

MEDIUM
CVSS:5.5(Medium)

The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system...

CWE-3992011

CVE-2014-8171

MEDIUM
CVSS:5.5(Medium)

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

CWE-3992014

CVE-2014-9637

MEDIUM
CVSS:5.5(Medium)

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

CWE-3992014

CVE-2014-9853

MEDIUM
CVSS:5.5(Medium)

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

CWE-3992014

CVE-2015-7313

MEDIUM
CVSS:5.5(Medium)

LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.

CWE-3992015