National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:4.10.3
There are 325 matching records.
Displaying matches 321 through 325.
Vuln ID Summary CVSS Severity
CVE-2017-7308

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.

Published: March 29, 2017; 04:59:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-7294

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.

Published: March 28, 2017; 10:59:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-7277

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.

Published: March 28, 2017; 02:59:00 AM -04:00
V3: 7.1 HIGH
V2: 6.6 MEDIUM
CVE-2017-7261

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.

Published: March 24, 2017; 05:59:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-7187

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.

Published: March 20, 2017; 10:59:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH