Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:4.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-7273 |
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. Published: March 27, 2017; 1:59:01 PM -0400 |
V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2017-7261 |
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. Published: March 24, 2017; 5:59:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-7187 |
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. Published: March 20, 2017; 10:59:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-7184 |
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. Published: March 19, 2017; 2:59:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-6874 |
Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts. Published: March 14, 2017; 5:59:00 AM -0400 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2017-2636 |
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Published: March 07, 2017; 5:59:00 PM -0500 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2015-2877 |
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities Published: March 03, 2017; 6:59:00 AM -0500 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2017-6353 |
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986. Published: March 01, 2017; 3:59:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-6347 |
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. Published: March 01, 2017; 3:59:00 PM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-5669 |
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. Published: February 24, 2017; 10:59:00 AM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2015-0571 |
The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. Published: May 09, 2016; 6:59:02 AM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2015-0570 |
Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. Published: May 09, 2016; 6:59:01 AM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2015-0569 |
Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter. Published: May 09, 2016; 6:59:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-2854 |
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. Published: May 02, 2016; 6:59:34 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2016-2853 |
The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. Published: May 02, 2016; 6:59:33 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2015-7312 |
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. Published: November 16, 2015; 6:59:09 AM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-3532 |
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. Published: July 19, 2014; 3:55:07 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-0069 |
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. Published: February 28, 2014; 1:18:54 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-2916 |
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. Published: June 15, 2006; 6:02:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.0 MEDIUM |