National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:4.10.3
There are 318 matching records.
Displaying matches 301 through 318.
Vuln ID Summary CVSS Severity
CVE-2010-5321

Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.

Published: April 24, 2017; 02:59:00 AM -04:00
V3: 4.3 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-8067

drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

Published: April 23, 2017; 01:59:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-8065

crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

Published: April 23, 2017; 01:59:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-8064

drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

Published: April 23, 2017; 01:59:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-8063

drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

Published: April 23, 2017; 01:59:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-8062

drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

Published: April 23, 2017; 01:59:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-7645

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

Published: April 18, 2017; 10:59:00 AM -04:00
V3: 7.5 HIGH
V2: 7.8 HIGH
CVE-2017-7889

The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.

Published: April 16, 2017; 08:59:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-7618

crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.

Published: April 10, 2017; 10:59:00 AM -04:00
V3: 7.5 HIGH
V2: 7.8 HIGH
CVE-2017-7616

Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.

Published: April 10, 2017; 10:59:00 AM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-2671

The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.

Published: April 05, 2017; 02:59:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-7374

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.

Published: March 31, 2017; 04:59:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-7346

The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.

Published: March 30, 2017; 07:59:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-7308

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.

Published: March 29, 2017; 04:59:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-7294

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.

Published: March 28, 2017; 10:59:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-7277

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.

Published: March 28, 2017; 02:59:00 AM -04:00
V3: 7.1 HIGH
V2: 6.6 MEDIUM
CVE-2017-7261

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.

Published: March 24, 2017; 05:59:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-7187

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.

Published: March 20, 2017; 10:59:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH