Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-8824 7.2
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
24-02-2023 - 18:32 05-12-2017 - 09:29
CVE-2017-7889 7.2
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access re
14-02-2023 - 21:12 17-04-2017 - 00:59
CVE-2017-7542 4.9
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
12-02-2023 - 23:30 21-07-2017 - 16:29
CVE-2017-12192 4.9
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial
12-02-2023 - 23:28 12-10-2017 - 00:29
CVE-2017-12190 4.9
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them int
12-02-2023 - 23:27 22-11-2017 - 18:29
CVE-2017-17806 7.2
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HAS
19-01-2023 - 16:26 20-12-2017 - 23:29
CVE-2017-18017 10.0
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other im
19-01-2023 - 16:26 03-01-2018 - 06:29
CVE-2017-15868 7.2
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
19-01-2023 - 15:46 05-12-2017 - 23:29
CVE-2017-15115 7.2
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possi
19-01-2023 - 15:46 15-11-2017 - 21:29
CVE-2017-5669 4.6
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for
09-10-2020 - 14:49 24-02-2017 - 15:59
CVE-2018-5344 4.6
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
24-08-2020 - 17:37 12-01-2018 - 09:29
CVE-2017-0861 4.6
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
15-07-2020 - 03:15 16-11-2017 - 23:29
CVE-2018-5333 4.9
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
22-01-2020 - 19:15 11-01-2018 - 07:29
CVE-2017-12153 4.9
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be i
09-10-2019 - 23:22 21-09-2017 - 15:29
CVE-2017-17450 4.6
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data s
03-10-2019 - 00:03 07-12-2017 - 00:29
CVE-2017-0750 6.8
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.
03-10-2019 - 00:03 09-08-2017 - 21:29
CVE-2017-1000407 6.1
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
14-05-2019 - 22:29 11-12-2017 - 21:29
CVE-2017-15102 6.9
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occur
08-05-2019 - 18:14 15-11-2017 - 21:29
CVE-2017-14140 2.1
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
12-04-2018 - 01:29 05-09-2017 - 06:29
CVE-2017-16525 7.2
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB
16-03-2018 - 01:29 04-11-2017 - 01:29
CVE-2017-14051 4.9
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
16-03-2018 - 01:29 31-08-2017 - 04:29
CVE-2017-14489 4.9
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
16-03-2018 - 01:29 15-09-2017 - 10:29
CVE-2017-14156 2.1
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations
16-03-2018 - 01:29 05-09-2017 - 17:29
CVE-2017-15274 4.9
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted
16-03-2018 - 01:29 12-10-2017 - 00:29
Back to Top Mark selected
Back to Top