452 matches found
CVE-2017-8890
CVE-2017-8890 is a Linux kernel vulnerability affecting the IPv4 networking stack. The issue is a double free in inet_csk_clone_lock() in net/ipv4/inet_connection_sock.c, which can be triggered via the accept() system call and leads to a denial of service (kernel memory corruption/crash). The Cen...
CVE-2017-1000251
CVE-2017-1000251 affects the Linux kernel Bluetooth subsystem (BlueZ) in L2CAP processing, causing a stack buffer overflow when handling configuration responses. Affected range includes kernels from 2.6.32 up to 4.13.1. Exploitation could crash the system or, in some deployments, allow remote cod...
CVE-2017-1000253
CVE-2017-1000253 is a Linux kernel PIE stack buffer corruption vulnerability in load_elf_binary() that can allow local privilege escalation when PIE is used and memory mapping overlaps the stack region. The issue stems from not accounting for space for the entire binary, causing later PT_LOAD seg...
CVE-2017-16995
CVE-2017-16995 is a sign-extension defect in the Linux kernel's eBPF verifier (kernel/bpf/verifier.c) that can be triggered via BPF syscall, allowing a local user to escalate privileges or affect memory/behavior. Public writeups and Arch security advisories indicate the issue affects kernels prio...
CVE-2017-7308
CVE-2017-7308 applies to the Linux kernel AF_PACKET packet_set_ring implementation. The issue arises from insufficient validation of certain block-size data in net/packet/af_packet.c, enabling a local user with CAP_NET_RAW to trigger a denial of service (integer signedness error and out-of-bounds...
CVE-2017-6074
CVE-2017-6074 affects the Linux kernel up to 4.9.11, where dccp_rcv_state_process in net/dccp/input.c mishandles DCCP_PKT_REQUEST data in LISTEN state. This can allow a local user to gain root privileges or trigger a denial of service (double free) via an application using IPV6_RECVPKTINFO setsoc...
CVE-2017-1000379
The CVE-2017-1000379 entry concerns the Linux kernel (AMD64) where the kernel may map PIE/heap/ld.so contents to the stack, enabling stack manipulation. Documents indicate affected version: Linux kernel 4.11.5. Nessus-derived items (Unity Linux UTSA advisories) reiterate the same description but ...
CVE-2017-11176
CVE-2017-11176 is a local vulnerability in the Linux kernel’s Netlink mq_notify path. The issue arises because mq_notify does not set the sock pointer to NULL when entering retry logic, enabling a use-after-free scenario during a user-space close of a Netlink socket. Public sources describe poten...
CVE-2017-1000371
CVE-2017-1000371 is a Linux kernel vulnerability reported for the 4.11.5 release, caused by the offset2lib patch that can allow a stack/heap clash for 32-bit PIE binaries when RLIMIT_STACK is RLIMIT_INFINITY and 1 GB is allocated. Consequences include potential local impact (stack guard page bypa...
CVE-2017-12762
CVE-2017-12762 : Affected by a buffer overflow in the Linux kernel ISDN I4L driver. In /drivers/isdn/i4l/isdn_net.c, a user-controlled buffer is copied into a local buffer of fixed size with strcpy (no length check), leading to overflow. Impacted trees: Linux kernel 4.9-stable, 4.12-stable, 3.18-...
CVE-2017-1000410
Summary of CVE-2017-1000410 (Linux kernel info leak) : The vulnerability affects Linux kernel 3.3-rc1 and later in how L2CAP ConfigRequest/ConfigResponse are parsed. A stack variable (struct l2cap_conf_efs efs) is declared uninitialized and, depending on parsing flow and input, can be leaked back...
CVE-2017-7895
CVE-2017-7895 affects the Linux kernel NFSv2/v3 server (fs/nfsd/nfs3xdr.c, fs/nfsd/nfsxdr.c). A remote attacker can craft requests that bypass end-of-buffer checks, triggering pointer-arithmetic errors or other unspecified impacts. Affected kernels include up to 4.10.13; remediation is to upgrade...
CVE-2017-1000407
CVE-2017-1000407 affects the Linux kernel when built with KVM support, where an attacker can flood the diagnostic port 0x80 and trigger a kernel crash. Root cause: improper validation of user-supplied input at the diagnostic port, enabling denial of service via port flooding. Impact per public ad...
CVE-2017-8824
CVE-2017-8824 affects the Linux kernel DCCP implementation. The bug is a use-after-free in dccp_disconnect (net/dccp/proto.c) that can be triggered by an AF_UNSPEC connect while in the DCCP_LISTEN state, allowing a local user to escalate privileges or cause a denial of service. Public advisories ...
CVE-2017-10661
CVE-2017-10661 is a race condition in Linux kernel timerfd (fs/timerfd.c) that affects versions before 4.10.15. The flaw arises from improper protection of the might_cancel queue during concurrent timerfd operations, enabling local attackers to cause a denial of service or gain privileges via lis...
CVE-2017-1000252
CVE-2017-1000252 : The Linux kernel KVM subsystem (arch/x86/kvm/vmx.c and virt/kvm/eventfd.c) is vulnerable to a denial of service caused by an out-of-bounds guest_irq value. The issue allows a local guest OS user to trigger an assertion failure, leading to a hypervisor hang or crash. The descrip...
CVE-2017-6214
CVE-2017-6214 affects the Linux kernel TCP splice/tcp_splice_read handling of urgent data (URG flag). The vulnerability can cause a denial of service via an infinite loop/soft lockup in the kernel when processing certain TCP packets. Affected are Linux kernels older than 4.9.11; patching to 4.9.1...
CVE-2017-16939
CVE-2017-16939 affects the Linux kernel XFRM Netlink path. The use-after-free occurs in the XFRM dump policy code (net/xfrm/xfrm_user.c) when a crafted SO_RCVBUF setsockopt is used with XFRM_MSG_GETPOLICY, allowing a local attacker with CAP_NET_ADMIN to trigger a denial of service or potentially ...
CVE-2017-15115
CVE-2017-15115: Linux kernel prior to 4.14 allows local users to trigger a denial of service (use-after-free in sctp_do_peeloff in net/sctp/socket.c) via crafted system calls. Impact is system crash; no explicit exploit details provided in the documents beyond this. The IBM bulletin references th...
CVE-2017-17805
CVE-2017-17805 affects the Linux kernel prior to 4.14.8. The Salsa20 cipher implementation (crypto/salsa20_generic.c and arch/x86/crypto/salsa20_glue.c) mishandles zero-length inputs, allowing a local attacker to use the AF_ALG-based skcipher interface to trigger uninitialized memory free and ker...
CVE-2017-1000112
CVE-2017-1000112 describes a local memory corruption in the Linux kernel UFO (UDP Fragmentation Offload) path. In ip_ufo_append_data() the code can flip from UFO to non-UFO between two send() calls, causing negative copy calculations, fragmentation, and ultimately skb_copy_and_csum_bits() writing...
CVE-2017-17807
CVE-2017-17807 : Linux kernel KEYS subsystem vulnerability where the request_key() path can bypass access control when adding a key to the current task’s default request-key keyring. An unpatched kernel (pre-4.14.6) could allow a local attacker to craft a sequence of system calls to insert keys i...
CVE-2017-12192
CVE-2017-12192 affects the Linux kernel Key Management subcomponent: keyctl_read_key in security/keys/keyctl.c may be read on negatively instantiated keys, enabling a local attacker to cause a denial of service (kernel oops and crash). Affected: kernel before 4.13.5; fix implemented in 4.13.5 (Ch...
CVE-2017-1000111
CVE-2017-1000111 describes a heap/out-of-bounds race in the Linux kernel’s AF_PACKET socket handling (packet_set_ring) that can be exploited by a local user possessing CAP_NET_RAW to elevate privileges. The issue arises when a socket option changes socket state and races with safety checks; the r...
CVE-2016-10229
The CVE-2016-10229 issue affects the Linux kernel’s UDP handling: udp.c in versions before 4.5 contains an unsafe second checksum calculation when a recv call uses MSG_PEEK, enabling remote code execution. Reports and advisories (e.g., ALAS-2017-832, Alpine, Debian, Broadcom/Big-IP advisories) co...
CVE-2017-1000364
CVE-2017-1000364 affects the Linux kernel stack guard page (4k) so the stack-pointer can jump over the guard, enabling local privilege escalation. Affected: Linux kernel 4.11.5 and earlier. Impact: privilege escalation via stack-clash-like behavior; no remote vector described. Root cause: insuffi...
CVE-2017-7533
CVE-2017-7533 describes a race condition in the Linux kernel where inotify_handle_event and vfs_rename concurrently executing can be exploited by a local attacker to cause memory corruption, a denial of service, or privilege escalation. It affects Linux kernel versions up to 4.12.4; exploitation ...
CVE-2017-17741
CVE-2017-17741 affects the Linux kernel KVM implementation through 4.14.7, enabling a write_mmio stack-based out-of-bounds read that can reveal potentially sensitive information from kernel memory. Affected code paths are in arch/x86/kvm/x86.c and include/trace/events/kvm.h. The supplied document...
CVE-2017-7889
CVE-2017-7889 affects the Linux kernel mm subsystem (up to 3.2); a local attacker with access to /dev/mem can read/write kernel memory due to CONFIG_STRICT_DEVMEM not being properly enforced in arch/x86/mm/init.c and drivers/char/mem.c. Public details: Debian security advisories show fixes (e.g.,...
CVE-2017-7541
CVE-2017-7541 affects the Broadcom WLAN driver in the Linux kernel (brcmf_cfg80211_mgmt_tx in cfg80211.c). A crafted NL80211_CMD_FRAME Netlink packet can cause kernel memory corruption, leading to DoS or possible privilege escalation. Public details in connected CentOS security advisories confirm...
CVE-2017-7542
CVE-2017-7542 is a Linux kernel vulnerability described as an integer overflow in ip6_find_1stfragopt() (net/ipv6/output_core.c) that can be triggered by a local attacker who can open a raw socket, potentially causing a denial of service via an infinite loop. The initial description cites Linux k...
CVE-2016-8399
CVE-2016-8399 affects the Linux kernel networking subsystem. The issue arises from the ICMP header length not being properly validated, enabling a local attacker to trigger an out-of-bounds memory access. With CAP_NET_ADMIN, this could lead to privilege escalation or information disclosure, as de...
CVE-2017-1000405
CVE-2017-1000405 affects Linux kernel THP handling in versions 2.6.38–4.14. A flawed use of pmd_mkdirty() in touch_pmd() can be reached via get_user_pages(), allowing pmds to become dirty without a COW cycle. This enables overwriting read‑only huge pages (including zero pages and sealed SHMEM map...
CVE-2017-16644
The CVE-2017-16644 entry affects the Linux kernel: hdpvr_probe in drivers/media/usb/hdpvr/hdpvr-core.c (through kernel 4.13.11). The vulnerability allows local users to cause a denial of service or possibly other impact via a crafted USB device, due to improper error handling in hdpvr_probe. A fi...
CVE-2017-9077
CVE-2017-9077 : The Linux kernel's tcp_v6_syn_recv_sock in net/ipv6/tcp_ipv6.c mishandles inheritance, enabling a local attacker to cause a denial of service via crafted system calls. The connected CentOS/CSA entries corroborate kernel-level impact and note security updates; no remote exploit det...
CVE-2017-7184
The CVE-2017-7184 issue affects the Linux kernel xfrm subsystem, where xfrm_replay_verify_len in net/xfrm/xfrm_user.c up to 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, enabling a local attacker with CAP_NET_ADMIN to cause a heap-based out-of-bounds access and potent...
CVE-2017-1000380
CVE-2017-1000380 affects the Linux kernel ALSA sound timer driver. A race between read and ioctl on /dev/snd/timer can disclose uninitialized memory to local users. Affected: kernels prior to 4.11.5. Remediation: upgrade to Linux kernel 4.11.5 or later (upstream fix referenced by ChangeLog-4.11.5...
CVE-2017-11600
CVE-2017-11600 affects the Linux kernel xfrm subsystem (net/xfrm/xfrm_policy.c) where, when CONFIG_XFRM_MIGRATE is enabled, the dir value of xfrm_userpolicy_id is not constrained to XFRM_POLICY_MAX. This can allow a local user (CAP_NET_ADMIN) to cause a denial of service (out-of-bounds access) an...
CVE-2017-14106
CVE-2017-14106 affects the Linux kernel TCP stack: the divide-by-zero in tcp_disconnect (net/ipv4/tcp.c) can be triggered by a local attacker via a specific tcp_recvmsg path, potentially causing a system crash (DoS). Connected advisories confirm the issue across multiple vendors (IBM IMM2 bulleti...
CVE-2017-15265
CVE-2017-15265 is a race condition in the ALSA sequencer subsystem of the Linux kernel, up to version 4.13.8. A local attacker can trigger a use-after-free via crafted /dev/snd/seq ioctl calls, leading to denial of service (crash) or potentially other impacts. The vulnerability is fixed in the up...
CVE-2017-7645
The CVE-2017-7645 issue affects the Linux kernel NFSv2/v3 server (nfsd) and is triggered by processing long RPC replies. The root cause is an out-of-bounds memory access in the NFS server paths (net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, fs/nfsd/nfsxdr.c) that can lead to a system crash (DoS). Affected...
CVE-2017-2636
CVE-2017-2636 details (NORMAL mode) : A race condition in the Linux kernel N_HLDC driver (n_hdlc) can lead to a double free. A local, unprivileged user who sets the HDLC line discipline on a tty device could exploit this to escalate privileges or cause a denial of service (system crash). Exploita...
CVE-2017-17449
CVE-2017-17449 affects the Linux kernel: the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c can allow local attackers with CAP_NET_ADMIN to sniff Netlink activity across all net namespaces when CONFIG_NLMON is enabled. This results in information disclosure (exposure of kernel Net...
CVE-2017-9076
CVE-2017-9076 is a Linux kernel issue reported in the CentOS/Red Hat advisory set (CESA-2018:1854) tied to the IPv6 DCCP implementation. The vulnerability arises from mishandling of inheritance in the IPv6 DCCP code, allowing a local attacker to cause a denial of service or possibly other unspeci...
CVE-2017-10810
CVE-2017-10810: Linux kernel memory leak in virtio_gpu_object_create (drivers/gpu/drm/virtio/virtgpu_object.c) up to 4.11.8 can cause memory exhaustion and denial of service when object initialisation fails. Connected Nessus advisories (Unity Linux UTSA-2026-002867/002763/000604) reproduce the sa...
CVE-2017-9075
CVE-2017-9075 affects the Linux kernel network subsystem: the sctp_v6_create_accept_sk function in net/sctp/ipv6.c mishandles inheritance, enabling a local attacker to cause a denial of service (and possibly other effects) via crafted system calls. Connected CentOS Red Hat advisories (e.g., CESA/...
CVE-2017-15868
The CVE-2017-15868 vulnerability affects the Linux kernel up to version 3.18 (pre-3.19). The issue lies in bnep_add_connection() in net/bluetooth/bnep/core.c, which does not ensure an l2cap socket is available, enabling local users to gain privileges through a crafted application. Affected compon...
CVE-2017-6001
CVE-2017-6001 is a Linux kernel race condition in the perf_events subsystem. The initial description notes a race between concurrent perf_event_open calls for moving a software group into a hardware context, allowing local privilege escalation and tied to an incomplete fix for CVE-2016-6786. Conn...
CVE-2017-2583
CVE-2017-2583 affects the Linux kernel’s KVM emulation for x86, where load of a null stack selector can be incorrectly handled in long mode. The flaw allows a guest-host user to crash the guest OS (DoS) or potentially escalate privileges within the guest on affected CPUs, due to improper emulatio...
CVE-2017-1000255
The connected Nessus entries confirm CVE-2017-1000255 affects PowerPC Linux kernels on Power8+ where a user can craft a signal frame and sigreturn to corrupt the kernel stack by using the r1 value from the signal frame. This can overwrite arbitrary kernel memory, causing an oops and potential pan...