Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In May 2017 (Memory corruption)
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2017-05-23 | Updated: 2017-06-08
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2017-05-10 | Updated: 2023-02-24
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2017-05-14 | Updated: 2023-02-14
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363.
Max CVSS: 7.6 | EPSS Score: 0.07% | Published: 2017-05-12 | Updated: 2019-10-03
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
Max CVSS: 7.6 | EPSS Score: 0.08% | Published: 2017-05-02 | Updated: 2023-12-28
5 vulnerabilities found