- CVEs with nessus.description ==

  Security Fix(es) :

  - Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important)

  - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)

  - An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)

  - A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)

  - Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)

  - An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)

  - A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. (CVE-2017-7558, Moderate)

  - The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact. (CVE-2017-11176, Moderate)

  - A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)

Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |