
Issue 637537


Issue metadata

Status: Duplicate
Owner: ----
Closed: Aug 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security




CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_10

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Aug 13 2016

Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/chromeos-kernel-3_10
Package Version: [cpe:/o:linux:linux_kernel:3.10.18]

Advisory: CVE-2014-9410
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2014-9410
  CVSS severity score: 7.2/10.0
  Confidence: high
  Description:

The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.


Advisory: CVE-2015-0568
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-0568
  CVSS severity score: 7.2/10.0
  Confidence: high
  Description:

Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.


Advisory: CVE-2015-0573
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-0573
  CVSS severity score: 10/10.0
  Confidence: high
  Description:

drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.


Advisory: CVE-2016-2063
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-2063
  CVSS severity score: 10/10.0
  Confidence: high
  Description:

Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface.


Advisory: CVE-2016-2065
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-2065
  CVSS severity score: 10/10.0
  Confidence: high
  Description:

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.


Advisory: CVE-2016-5340
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-5340
  CVSS severity score: 7.2/10.0
  Confidence: high
  Description:

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.

Mergedinto: 637240
Status: Duplicate (was: Untriaged)
Duplicating into issue 637240, which is the same report for 3.8. I had looked at the other bug and didn't find any of the affected code in our trees - kernel team input pending to confirm.

Comment 2 by rickyz@chromium.org, Aug 22 2016

Cc: djm@google.com
Project Member

Comment 3 by sheriffbot@chromium.org, Nov 21 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
