CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000379 264 2017-06-19 2017-08-11
7.2
Admin Local Low Not required Complete Complete Complete
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
2 CVE-2017-1000371 264 2017-06-19 2017-11-05
7.2
None Local Low Not required Complete Complete Complete
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.
3 CVE-2017-1000370 264 2017-06-19 2017-11-05
7.2
Admin Local Low Not required Complete Complete Complete
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.
4 CVE-2017-1000365 264 Bypass 2017-06-19 2017-11-03
7.2
Admin Local Low Not required Complete Complete Complete
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
5 CVE-2017-1000251 119 Exec Code Overflow 2017-09-12 2017-12-08
8.3
Admin Local Network Low Not required Complete Complete Complete
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
6 CVE-2017-1000111 264 2017-10-04 2017-12-06
7.2
None Local Low Not required Complete Complete Complete
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
7 CVE-2017-16939 264 DoS +Priv 2017-11-24 2017-12-08
7.2
None Local Low Not required Complete Complete Complete
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
8 CVE-2017-16650 369 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
9 CVE-2017-16649 369 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
10 CVE-2017-16648 416 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.
11 CVE-2017-16647 476 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
12 CVE-2017-16646 476 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
13 CVE-2017-16645 125 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
14 CVE-2017-16644 388 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
15 CVE-2017-16643 125 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
16 CVE-2017-16538 20 DoS 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
17 CVE-2017-16537 476 DoS 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
18 CVE-2017-16536 476 DoS 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
19 CVE-2017-16535 125 DoS 2017-11-03 2017-12-05
7.2
None Local Low Not required Complete Complete Complete
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
20 CVE-2017-16534 119 DoS Overflow 2017-11-03 2017-11-17
7.2
None Local Low Not required Complete Complete Complete
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
21 CVE-2017-16533 125 DoS 2017-11-03 2017-12-05
7.2
None Local Low Not required Complete Complete Complete
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
22 CVE-2017-16532 476 DoS 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
23 CVE-2017-16531 119 DoS Overflow 2017-11-03 2017-12-05
7.2
None Local Low Not required Complete Complete Complete
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
24 CVE-2017-16530 125 DoS 2017-11-03 2017-11-17
7.2
None Local Low Not required Complete Complete Complete
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.
25 CVE-2017-16529 125 DoS 2017-11-03 2017-11-17
7.2
None Local Low Not required Complete Complete Complete
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
26 CVE-2017-16528 416 DoS 2017-11-03 2017-11-17
7.2
None Local Low Not required Complete Complete Complete
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
27 CVE-2017-16527 416 DoS 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
28 CVE-2017-16526 119 DoS Overflow 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
29 CVE-2017-16525 416 DoS 2017-11-03 2017-12-05
7.2
None Local Low Not required Complete Complete Complete
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
30 CVE-2017-15951 20 DoS 2017-10-27 2017-11-13
7.2
None Local Low Not required Complete Complete Complete
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
31 CVE-2017-15115 416 DoS 2017-11-15 2017-12-03
7.2
None Local Low Not required Complete Complete Complete
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
32 CVE-2017-14497 119 DoS Overflow Mem. Corr. 2017-09-15 2017-11-05
7.2
None Local Low Not required Complete Complete Complete
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
33 CVE-2017-13715 20 DoS Exec Code 2017-08-28 2017-09-08
10.0
None Remote Low Not required Complete Complete Complete
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
34 CVE-2017-13686 476 DoS 2017-08-24 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release.
35 CVE-2017-12762 119 Overflow 2017-08-09 2017-08-25
10.0
None Remote Low Not required Complete Complete Complete
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
36 CVE-2017-11473 119 Overflow +Priv 2017-07-20 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.
37 CVE-2017-11176 416 DoS 2017-07-11 2017-12-06
10.0
None Remote Low Not required Complete Complete Complete
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
38 CVE-2017-10810 399 DoS 2017-07-04 2017-11-03
7.8
None Remote Low Not required None None Complete
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.
39 CVE-2017-10663 129 +Priv 2017-08-19 2017-08-23
7.2
None Local Low Not required Complete Complete Complete
The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.
40 CVE-2017-10662 264 +Priv 2017-08-19 2017-08-23
7.2
None Local Low Not required Complete Complete Complete
The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.
41 CVE-2017-10661 416 DoS +Priv 2017-08-19 2017-11-05
7.6
None Remote High Not required Complete Complete Complete
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
42 CVE-2017-9986 125 DoS 2017-06-28 2017-06-30
7.2
None Local Low Not required Complete Complete Complete
The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
43 CVE-2017-9985 125 DoS 2017-06-28 2017-08-07
7.2
None Local Low Not required Complete Complete Complete
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
44 CVE-2017-9984 125 DoS 2017-06-28 2017-08-07
7.2
None Local Low Not required Complete Complete Complete
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
45 CVE-2017-9077 19 DoS 2017-05-19 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
46 CVE-2017-9076 19 DoS 2017-05-19 2017-11-03
7.2
None Local Low Not required Complete Complete Complete
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
47 CVE-2017-9075 19 DoS 2017-05-19 2017-11-03
7.2
None Local Low Not required Complete Complete Complete
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
48 CVE-2017-9074 125 DoS 2017-05-19 2017-11-03
7.2
None Local Low Not required Complete Complete Complete
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
49 CVE-2017-8890 415 DoS 2017-05-10 2017-11-03
10.0
None Remote Low Not required Complete Complete Complete
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
50 CVE-2017-8831 125 DoS 2017-05-08 2017-08-16
7.2
None Local Low Not required Complete Complete Complete
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.
Total number of vulnerabilities : 669   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.