4 matches found
CVE-2017-17864
CVE-2017-17864 affects the Linux kernel up to version 4.14.8, specifically the BPF verifier code (kernel/bpf/verifier.c). The root cause is a mishandling of states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which can allow a local user to leak potentially sen...
CVE-2017-17862
CVE-2017-17862 affects the Linux kernel up to 4.14.8. The issue stems from kernel/bpf/verifier.c mis-pruning of unreachable code, which could be mishandled by JITs and enable a local denial-of-service by unprivileged users. Connected advisories and patches indicate this was addressed via kernel f...
CVE-2017-16912
The CVE-2017-16912 issue affects the Linux kernel’s USB/IP stack (get_pipe() in drivers/usb/usbip/stub_rx.c) and is exploitable via crafted USB over IP packets to trigger an out-of-bounds read, causing DoS. Affected versions are pre-4.14.8, pre-4.9.71, and pre-4.4.114; fixes were released in Chan...
CVE-2018-1000028
CVE-2018-1000028 is a Linux kernel vulnerability affecting kernels released after commit bdcf0a423ea1 (examples: 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+). It describes an Incorrect Access Control flaw in the NFS server (nfsd) that can let remote attackers read or write files they should not access ...