Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-18017 | 10.0 |
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other im
|
24-04-2024 - 13:40 | 03-01-2018 - 06:29 | |
CVE-2017-8824 | 7.2 |
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
|
24-02-2023 - 18:32 | 05-12-2017 - 09:29 | |
CVE-2017-7889 | 7.2 |
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access re
|
14-02-2023 - 21:12 | 17-04-2017 - 00:59 | |
CVE-2017-7542 | 4.9 |
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
|
12-02-2023 - 23:30 | 21-07-2017 - 16:29 | |
CVE-2017-12192 | 4.9 |
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial
|
12-02-2023 - 23:28 | 12-10-2017 - 00:29 | |
CVE-2017-12190 | 4.9 |
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them int
|
12-02-2023 - 23:27 | 22-11-2017 - 18:29 | |
CVE-2017-17806 | 7.2 |
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HAS
|
19-01-2023 - 16:26 | 20-12-2017 - 23:29 | |
CVE-2017-15868 | 7.2 |
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
|
19-01-2023 - 15:46 | 05-12-2017 - 23:29 | |
CVE-2017-15115 | 7.2 |
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possi
|
19-01-2023 - 15:46 | 15-11-2017 - 21:29 | |
CVE-2017-5669 | 4.6 |
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for
|
09-10-2020 - 14:49 | 24-02-2017 - 15:59 | |
CVE-2018-5344 | 4.6 |
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
|
24-08-2020 - 17:37 | 12-01-2018 - 09:29 | |
CVE-2017-0861 | 4.6 |
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
|
15-07-2020 - 03:15 | 16-11-2017 - 23:29 | |
CVE-2018-5333 | 4.9 |
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
|
22-01-2020 - 19:15 | 11-01-2018 - 07:29 | |
CVE-2017-12153 | 4.9 |
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be i
|
09-10-2019 - 23:22 | 21-09-2017 - 15:29 | |
CVE-2017-17450 | 4.6 |
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data s
|
03-10-2019 - 00:03 | 07-12-2017 - 00:29 | |
CVE-2017-0750 | 6.8 |
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.
|
03-10-2019 - 00:03 | 09-08-2017 - 21:29 | |
CVE-2017-1000407 | 6.1 |
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
|
14-05-2019 - 22:29 | 11-12-2017 - 21:29 | |
CVE-2017-15102 | 6.9 |
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occur
|
08-05-2019 - 18:14 | 15-11-2017 - 21:29 | |
CVE-2017-14140 | 2.1 |
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
|
12-04-2018 - 01:29 | 05-09-2017 - 06:29 | |
CVE-2017-16525 | 7.2 |
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB
|
16-03-2018 - 01:29 | 04-11-2017 - 01:29 | |
CVE-2017-14051 | 4.9 |
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
|
16-03-2018 - 01:29 | 31-08-2017 - 04:29 | |
CVE-2017-14489 | 4.9 |
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
|
16-03-2018 - 01:29 | 15-09-2017 - 10:29 | |
CVE-2017-14156 | 2.1 |
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations
|
16-03-2018 - 01:29 | 05-09-2017 - 17:29 | |
CVE-2017-15274 | 4.9 |
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted
|
16-03-2018 - 01:29 | 12-10-2017 - 00:29 |