Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:3.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-9150 |
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. Published: May 22, 2017; 6:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-9077 |
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. Published: May 19, 2017; 10:29:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-9076 |
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. Published: May 19, 2017; 3:29:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-9075 |
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. Published: May 19, 2017; 3:29:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-9074 |
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Published: May 19, 2017; 3:29:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-9059 |
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. Published: May 18, 2017; 2:29:00 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-7495 |
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. Published: May 15, 2017; 2:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-7487 |
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. Published: May 14, 2017; 6:29:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-8925 |
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. Published: May 12, 2017; 5:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-8924 |
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. Published: May 12, 2017; 5:29:00 PM -0400 |
V3.0: 4.6 MEDIUM V2.0: 2.1 LOW |
CVE-2017-0633 |
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2017-0632 |
An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2017-0631 |
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2017-0630 |
An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2017-0629 |
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2017-0628 |
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2017-0627 |
An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2017-0626 |
An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-0624 |
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-0622 |
An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602. Published: May 12, 2017; 11:29:02 AM -0400 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |