National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:3.14.3
There are 734 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2017-12193

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.

Published: November 22, 2017; 01:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-12190

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.

Published: November 22, 2017; 01:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-15115

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

Published: November 15, 2017; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-15102

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

Published: November 15, 2017; 04:29:00 PM -05:00
V3: 6.3 MEDIUM
V2: 6.9 MEDIUM
CVE-2017-16650

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 07, 2017; 06:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16649

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 07, 2017; 06:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16648

The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.

Published: November 07, 2017; 06:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16647

drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 07, 2017; 06:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16646

drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 07, 2017; 06:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16645

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 07, 2017; 06:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16644

The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 07, 2017; 06:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16643

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 07, 2017; 06:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-15306

The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.

Published: November 06, 2017; 01:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-16538

drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).

Published: November 03, 2017; 09:29:37 PM -04:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16537

The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 03, 2017; 09:29:37 PM -04:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16536

The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 03, 2017; 09:29:37 PM -04:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16535

The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 03, 2017; 09:29:37 PM -04:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16534

The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 03, 2017; 09:29:37 PM -04:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16533

The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 03, 2017; 09:29:37 PM -04:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH
CVE-2017-16532

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Published: November 03, 2017; 09:29:37 PM -04:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH