CVE-2017-17863

kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service integer overflow or invalid memory access or possibly have unspecified other impact...

CVE-2017-17856

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement...

Memory corruption

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement...

CVE-2017-17863

kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service integer overflow or invalid memory access or possibly have unspecified other impact...

CVE-2017-17856

CVE-2017-17856 affects the Linux kernel kernel/bpf/verifier.c up to version 4.14.8. It enables local users to cause a denial of service via memory corruption due to lack of stack-pointer alignment enforcement. The provided documents do not include exploitation details or a remediation patch/versi...

CVE-2017-17856

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement...

CVE-2017-17712

The rawsendmsg function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet-hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...

Race condition

The rawsendmsg function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet-hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...

CVE-2017-17712

Technical details about CVE-2017-17712 are not publicly available in the provided connected documents. Monitor for updates from vendor advisories and upstream kernel patches.

CVE-2017-17712

The rawsendmsg function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet-hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...

UBUNTU-CVE-2017-17712

The rawsendmsg function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet-hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...

PT-2017-14963 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.14.6 Description: The issue is related to a race condition in the raw sendmsg function, specifically in the inet-hdrincl component, which leads to the usage of an uninitialized stack pointer. This condition...

Microsoft Edge Chakra CFG Bypass With leafInterpreterFrame Vulnerability

Chakra suffers from a CFG bypass with leafInterpreterFrame. Every JavaScript variable in Chakra except a tagged int is a pointer. From this pointer, using an arbitrary read, it is possible to follow a chain of pointers and end up with a pointer to the native stack. This allows disclosing the stac...

Null pointer dereference

On Linux running on PowerPC hardware Power8 or later a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt, and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signa...

DEBIAN-CVE-2017-1000255

On Linux running on PowerPC hardware Power8 or later a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt, and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signa...

CVE-2017-1000255

On Linux running on PowerPC hardware Power8 or later a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt, and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signa...

CVE-2017-2784

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to ...

CVE-2017-2784

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to ...

DEBIAN-CVE-2017-2784

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to ...

ALPINE-CVE-2017-2784

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to ...