Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LinuxLinux Kernel

15 matches found

CVE
CVEadded 2017/10/05 1:29 a.m.443 views

CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10....

7.8CVSS7.3AI score0.55565EPSS
CVE
CVEadded 2017/10/12 12:29 a.m.244 views

CVE-2017-12192

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted...

5.5CVSS5.5AI score0.00093EPSS
CVE
CVEadded 2017/10/05 1:29 a.m.241 views

CVE-2017-1000111

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solut...

7.8CVSS7.8AI score0.39139EPSS
CVE
CVEadded 2017/10/05 1:29 a.m.226 views

CVE-2017-1000112

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corr...

7CVSS7.4AI score0.83543EPSS
CVE
CVEadded 2017/10/16 6:29 p.m.202 views

CVE-2017-15265

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

7CVSS7.4AI score0.00096EPSS
CVE
CVEadded 2017/10/30 8:29 p.m.188 views

CVE-2017-1000255

On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the sig...

6.6CVSS6AI score0.00048EPSS
CVE
CVEadded 2017/10/19 10:29 p.m.171 views

CVE-2017-15649

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulner...

7.8CVSS7.1AI score0.00367EPSS
CVE
CVEadded 2017/10/11 3:29 p.m.157 views

CVE-2017-12188

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index dur...

7.8CVSS7.7AI score0.00055EPSS
CVE
CVEadded 2017/10/12 12:29 a.m.153 views

CVE-2017-15274

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulner...

5.5CVSS6AI score0.00093EPSS
CVE
CVEadded 2017/10/14 11:29 p.m.138 views

CVE-2017-15299

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.

5.5CVSS6.3AI score0.00011EPSS
CVE
CVEadded 2017/10/17 6:29 p.m.123 views

CVE-2017-15537

The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to...

5.5CVSS5.7AI score0.00047EPSS
CVE
CVEadded 2017/10/04 1:29 a.m.109 views

CVE-2017-14991

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

5.5CVSS5.5AI score0.00056EPSS
CVE
CVEadded 2017/10/28 2:29 a.m.104 views

CVE-2017-15951

The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system cal...

7.8CVSS7.5AI score0.00096EPSS
CVE
CVEadded 2017/10/02 1:29 a.m.79 views

CVE-2017-14954

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

5.5CVSS5.5AI score0.00974EPSS
CVE
CVEadded 2017/10/29 6:29 a.m.49 views

CVE-2006-5331

The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users t...

5.5CVSS5.2AI score0.00059EPSS