Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In December 2017 (Overflow)
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2018-03-16
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2023-02-07
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2023-02-07
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2023-02-24
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2023-02-07
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2023-01-19
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2023-01-19
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-20
Updated
2023-01-19
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2023-01-19
CVE-2017-16995
Public exploit
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
Max CVSS
7.8
EPSS Score
0.05%
Published
2017-12-27
Updated
2023-01-19
10 vulnerabilities found