Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:4.9.70
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-16649 |
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 07, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16648 |
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. Published: November 07, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16647 |
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 07, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16646 |
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 07, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16645 |
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 07, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16644 |
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 07, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16643 |
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 07, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-15306 |
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. Published: November 06, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-16538 |
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). Published: November 03, 2017; 9:29:37 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16537 |
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 03, 2017; 9:29:37 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16536 |
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 03, 2017; 9:29:37 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16535 |
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. Published: November 03, 2017; 9:29:37 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16531 |
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. Published: November 03, 2017; 9:29:36 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-15649 |
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. Published: October 19, 2017; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-15537 |
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. Published: October 17, 2017; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-15299 |
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. Published: October 14, 2017; 7:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-15274 |
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. Published: October 11, 2017; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-12192 |
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. Published: October 11, 2017; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-14991 |
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. Published: October 03, 2017; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-14954 |
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call. Published: October 01, 2017; 9:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |