39 matches found
CVE-2017-8890
CVE-2017-8890 is a Linux kernel vulnerability affecting the IPv4 networking stack. The issue is a double free in inet_csk_clone_lock() in net/ipv4/inet_connection_sock.c, which can be triggered via the accept() system call and leads to a denial of service (kernel memory corruption/crash). The Cen...
CVE-2017-6074
CVE-2017-6074 affects the Linux kernel up to 4.9.11, where dccp_rcv_state_process in net/dccp/input.c mishandles DCCP_PKT_REQUEST data in LISTEN state. This can allow a local user to gain root privileges or trigger a denial of service (double free) via an application using IPV6_RECVPKTINFO setsoc...
CVE-2017-11176
CVE-2017-11176 is a local vulnerability in the Linux kernel’s Netlink mq_notify path. The issue arises because mq_notify does not set the sock pointer to NULL when entering retry logic, enabling a use-after-free scenario during a user-space close of a Netlink socket. Public sources describe poten...
CVE-2017-1000410
Summary of CVE-2017-1000410 (Linux kernel info leak) : The vulnerability affects Linux kernel 3.3-rc1 and later in how L2CAP ConfigRequest/ConfigResponse are parsed. A stack variable (struct l2cap_conf_efs efs) is declared uninitialized and, depending on parsing flow and input, can be leaked back...
CVE-2017-7895
CVE-2017-7895 affects the Linux kernel NFSv2/v3 server (fs/nfsd/nfs3xdr.c, fs/nfsd/nfsxdr.c). A remote attacker can craft requests that bypass end-of-buffer checks, triggering pointer-arithmetic errors or other unspecified impacts. Affected kernels include up to 4.10.13; remediation is to upgrade...
CVE-2017-10661
CVE-2017-10661 is a race condition in Linux kernel timerfd (fs/timerfd.c) that affects versions before 4.10.15. The flaw arises from improper protection of the might_cancel queue during concurrent timerfd operations, enabling local attackers to cause a denial of service or gain privileges via lis...
CVE-2017-15115
CVE-2017-15115: Linux kernel prior to 4.14 allows local users to trigger a denial of service (use-after-free in sctp_do_peeloff in net/sctp/socket.c) via crafted system calls. Impact is system crash; no explicit exploit details provided in the documents beyond this. The IBM bulletin references th...
CVE-2017-17807
CVE-2017-17807 : Linux kernel KEYS subsystem vulnerability where the request_key() path can bypass access control when adding a key to the current task’s default request-key keyring. An unpatched kernel (pre-4.14.6) could allow a local attacker to craft a sequence of system calls to insert keys i...
CVE-2017-7889
CVE-2017-7889 affects the Linux kernel mm subsystem (up to 3.2); a local attacker with access to /dev/mem can read/write kernel memory due to CONFIG_STRICT_DEVMEM not being properly enforced in arch/x86/mm/init.c and drivers/char/mem.c. Public details: Debian security advisories show fixes (e.g.,...
CVE-2017-9077
CVE-2017-9077 : The Linux kernel's tcp_v6_syn_recv_sock in net/ipv6/tcp_ipv6.c mishandles inheritance, enabling a local attacker to cause a denial of service via crafted system calls. The connected CentOS/CSA entries corroborate kernel-level impact and note security updates; no remote exploit det...
CVE-2017-7184
The CVE-2017-7184 issue affects the Linux kernel xfrm subsystem, where xfrm_replay_verify_len in net/xfrm/xfrm_user.c up to 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, enabling a local attacker with CAP_NET_ADMIN to cause a heap-based out-of-bounds access and potent...
CVE-2017-15265
CVE-2017-15265 is a race condition in the ALSA sequencer subsystem of the Linux kernel, up to version 4.13.8. A local attacker can trigger a use-after-free via crafted /dev/snd/seq ioctl calls, leading to denial of service (crash) or potentially other impacts. The vulnerability is fixed in the up...
CVE-2017-7645
The CVE-2017-7645 issue affects the Linux kernel NFSv2/v3 server (nfsd) and is triggered by processing long RPC replies. The root cause is an out-of-bounds memory access in the NFS server paths (net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, fs/nfsd/nfsxdr.c) that can lead to a system crash (DoS). Affected...
CVE-2017-9076
CVE-2017-9076 is a Linux kernel issue reported in the CentOS/Red Hat advisory set (CESA-2018:1854) tied to the IPv6 DCCP implementation. The vulnerability arises from mishandling of inheritance in the IPv6 DCCP code, allowing a local attacker to cause a denial of service or possibly other unspeci...
CVE-2017-9075
CVE-2017-9075 affects the Linux kernel network subsystem: the sctp_v6_create_accept_sk function in net/sctp/ipv6.c mishandles inheritance, enabling a local attacker to cause a denial of service (and possibly other effects) via crafted system calls. Connected CentOS Red Hat advisories (e.g., CESA/...
CVE-2017-9074
Affected software: Linux kernel IPv6 fragmentation code. Root cause: nexthdr field may be associated with an invalid option, leading to an out-of-bounds read/BUG via crafted socket and send calls. Impact: local denial of service and potential unspecified effects (information leakage/compromise as...
CVE-2017-17806
CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...
CVE-2017-12193
CVE-2017-12193 affects the Linux kernel: the function assoc_array_insert_into_terminal_node in lib/assoc_array.c mishandles node splitting, leading to a NULL pointer dereference and kernel panic via a crafted application. The vulnerability is in kernels prior to 4.13.11, enabling local attackers ...
CVE-2014-9940
CVE-2014-9940 affects the Linux kernel regulator_ena_gpio_free function in drivers/regulator/core.c, with exploitation possible through local access to gain privileges or cause a denial of service via a use-after-free. Affected condition is kernel versions before 3.19. Impact per sources is high ...
CVE-2016-10044
CVE-2016-10044 is supported by connected advisories: the Linux kernel up to version 4.7.7 contains a vulnerability in the aio_mount path. Specifically, the aio_mount function in fs/aio.c did not properly restrict execute access, enabling local users to bypass SELinux W^X policy and gain privilege...
CVE-2017-7187
The CVE-2017-7187 issue affects the Linux kernel sg_ioctl in drivers/scsi/sg.c, where a large SG_NEXT_CMD_LEN ioctl can trigger a stack-based buffer overflow, leading to a DoS or potentially other impact via out-of-bounds writes in sg_write. Descriptions across connected sources (CNVD-2017-03858)...
CVE-2017-16994
The CVE-2017-16994 vulnerability affects the Linux kernel’s walk_hugetlb_range function in mm/pagewalk.c, where holes in hugetlb ranges are mishandled. This allows a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted mincore() call. Public sources attrib...
CVE-2017-11473
CVE-2017-11473 describes a buffer overflow in the Linux kernel, specifically in arch/x86/kernel/acpi/boot.c::mp_override_legacy_irq(), up to version 3.2. An attacker with local access can escalate privileges by presenting a crafted ACPI table. Exploitation is local and does not require user inter...
CVE-2017-7487
The CVE-2017-7487 issue is in the Linux kernel net/ipx/af_ipx.c ipxitf_ioctl: reference count mishandling causes a use-after-free via a failed SIOCGIFADDR on an IPX interface, enabling local denial of service. Evidence in connected Nessus advisories confirms the vulnerability and that it affects ...
CVE-2017-5669
The vulnerability CVE-2017-5669 affects the Linux kernel’s do_shmat() in ipc/shm.c up to and including 4.9.12, where the rounding operation on the mapped address is not restricted. This allows local (privileged) users to map page zero and bypass the mmap protection mechanism via crafted shmget/sh...
CVE-2017-16526
CVE-2017-16526 affects the Linux kernel driver code drivers/uwb/uwbd.c up to version 4.13.5; a crafted USB device could trigger a general protection fault and system crash via local access, potentially causing denial of service or other impact. The connected Unity Linux advisories (UTSA-2026-0016...
CVE-2017-15116
CVE-2017-15116 affects the Linux kernel rngapi_reset() in crypto/rng.c, vulnerable before version 4.2. The issue allows a local attacker to trigger a NULL pointer dereference, causing a denial of service. Connected Nessus advisories (Unity Linux and EulerOS entries) reiterate the same description...
CVE-2017-16533
CVE-2017-16533 affects the Linux kernel’s usbhid_parse() in drivers/hid/usbhid/hid-core.c up to and including version 4.13.7; a crafted USB device can cause an out-of-bounds read, leading to local denial of service or a crash. Affected component: HID USB host controller driver (usbhid). Root caus...
CVE-2017-16532
CVE-2017-16532: A vulnerability in the Linux kernel ≤ 4.13.11 affects the get_endpoints function in drivers/usb/misc/usbtest.c, enabling local users to trigger a denial of service via a crafted USB device, through a NULL pointer dereference and potential system crash. The issue is triggered by a ...
CVE-2017-16529
CVE-2017-16529 affects the Linux kernel’s snd_usb_create_streams in sound/usb/card.c, allowing a local attacker to trigger an out-of-bounds read and system crash via a crafted USB device, with impact described as a denial of service and potentially other effects. The issue is present in kernels p...
CVE-2017-16530
CVE-2017-16530 affects the Linux kernel uas driver (drivers/usb/storage/uas.c; uas-detect.h). The issue allows a local user to trigger a denial of service or potentially other impact via a crafted USB device, caused by an out-of-bounds read. Affected condition is the uas driver in the kernel prio...
CVE-2017-16527
CVE-2017-16527 affects the Linux kernel component sound/usb/mixer.c, vulnerable before version 4.13.8. A crafted USB device can trigger a snd_usb_mixer_interrupt use-after-free, causing denial of service or system crash. Exploitation vectors are local to physical USB device interaction. The conne...
CVE-2017-16531
CVE-2017-16531 affects the Linux kernel before 4.13.6, where the driver/usb/core/config.c path allows a local user to trigger an out-of-bounds read via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. Exploitation could cause a denial of service (kernel crash) and pot...
CVE-2017-15102
CVE-2017-15102 originates from the Linux kernel prior to 4.8.1, where the tower_probe function in drivers/usb/misc/legousbtower.c can be exploited locally by a near-physically proximate attacker via a crafted USB device. The issue is triggered by a write-what-where condition that arises after a r...
CVE-2017-10662
The CVE-2017-10662 issue affects the Linux kernel’s F2FS implementation: the sanity_check_raw_super function in fs/f2fs/super.c fails to validate the segment count, enabling local privilege escalation. Concretely, affected versions are before 4.11.1. Several connected advisories (e.g., UTSA/Euler...
CVE-2017-9985
CVE-2017-9985 is a local double-fetch vulnerability in the Linux kernel (snd_msndmidi_input_read in sound/isa/msnd/msnd_midi.c) affecting up to version 4.11.7. Exploitation can cause denial of service (over-boundary access) with potential unspecified impact. Public references in Nessus/OpenVAS/U-...
CVE-2015-9004
CVE-2015-9004 affects the Linux kernel up to version 3.18 (pre-3.19). The flaw is in kernel/events/core.c where improper handling of counter grouping enables local privilege escalation via crafted apps, involving perf_pmu_register and perf_event_open. The impact is local Privilege Escalation with...
CVE-2017-9984
The CVE-2017-9984 issue affects the Linux kernel’s snd_msnd_interrupt path (sound/isa/msnd/msnd_pinnacle.c) and is a local, double-fetch vulnerability that can allow over-boundary access to a message queue head pointer, potentially enabling DoS or other impact. The advisory notes vulnerable until...
CVE-2006-5331
CVE-2006-5331 affects the Linux kernel on 64-bit PowerPC systems. The altivec_unavailable_exception function mishandles the path where CONFIG_ALTIVEC is defined and the CPU supports Altivec, but Altivec support was not detected by the kernel, enabling a local user to trigger an Altivec instructio...