Linux : Security Vulnerabilities, CVEs, Published In May 2017 (Denial of service)
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-05-27
Updated
2018-01-05
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-05-23
Updated
2017-06-08
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-05-19
Updated
2023-02-24
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-05-19
Updated
2023-02-24
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-05-19
Updated
2023-02-24
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-05-19
Updated
2023-02-24
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-05-18
Updated
2019-10-03
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-05-12
Updated
2019-10-03
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
Max CVSS
7.8
EPSS Score
0.07%
Published
2017-05-10
Updated
2023-02-24
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.
Max CVSS
6.9
EPSS Score
0.09%
Published
2017-05-08
Updated
2021-06-01
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-05-14
Updated
2023-02-14
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-05-11
Updated
2023-02-12
A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466.
Max CVSS
5.5
EPSS Score
0.18%
Published
2017-05-12
Updated
2017-05-19
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
Max CVSS
7.6
EPSS Score
0.08%
Published
2017-05-02
Updated
2023-12-28
14 vulnerabilities found