National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.22.20
There are 1,280 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2017-14051

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

Published: August 31, 2017; 12:29:00 AM -04:00
V3: 4.4 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-13715

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.

Published: August 28, 2017; 09:35:13 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2017-13695

The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Published: August 25, 2017; 04:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-13694

The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Published: August 25, 2017; 04:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-13693

The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Published: August 25, 2017; 04:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-10663

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

Published: August 19, 2017; 02:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-10662

The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.

Published: August 19, 2017; 02:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-10661

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

Published: August 19, 2017; 02:29:00 PM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2006-3635

The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.

Published: August 06, 2017; 11:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-7533

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

Published: August 05, 2017; 12:29:00 PM -04:00
V3: 7.0 HIGH
V2: 6.9 MEDIUM
CVE-2017-7541

The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.

Published: July 25, 2017; 12:29:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-11600

net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.

Published: July 24, 2017; 03:29:00 AM -04:00
V3: 7.0 HIGH
V2: 6.9 MEDIUM
CVE-2017-7542

The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.

Published: July 21, 2017; 12:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-11473

Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.

Published: July 20, 2017; 12:29:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-11472

The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Published: July 20, 2017; 12:29:00 AM -04:00
V3: 7.1 HIGH
V2: 3.6 LOW
CVE-2017-1000363

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.

Published: July 17, 2017; 09:18:18 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-11176

The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.

Published: July 11, 2017; 07:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-10911

The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.

Published: July 04, 2017; 09:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-10810

Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.

Published: July 04, 2017; 04:29:00 PM -04:00
V3: 7.5 HIGH
V2: 7.8 HIGH
CVE-2017-8797

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

Published: July 02, 2017; 01:29:00 PM -04:00
V3: 7.5 HIGH
V2: 7.8 HIGH