CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2017-17712 362 Exec Code +Priv 2017-12-15 2018-04-03
6.9
None Local Medium Not required Complete Complete Complete
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
152 CVE-2017-17558 787 DoS 2017-12-12 2019-05-14
7.2
None Local Low Not required Complete Complete Complete
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
153 CVE-2017-17053 416 2017-11-28 2018-12-19
6.9
None Local Medium Not required Complete Complete Complete
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
154 CVE-2017-17052 416 2017-11-28 2017-12-20
7.2
None Local Low Not required Complete Complete Complete
The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.
155 CVE-2017-16996 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
156 CVE-2017-16995 119 DoS Overflow Mem. Corr. 2017-12-27 2018-07-27
7.2
None Local Low Not required Complete Complete Complete
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
157 CVE-2017-16939 416 DoS +Priv 2017-11-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
158 CVE-2017-16914 476 DoS 2018-01-31 2018-08-24
7.1
None Remote Medium Not required None None Complete
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
159 CVE-2017-16913 119 DoS Overflow 2018-01-31 2018-08-24
7.1
None Remote Medium Not required None None Complete
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.
160 CVE-2017-16912 125 DoS 2018-01-31 2018-08-24
7.1
None Remote Medium Not required None None Complete
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
161 CVE-2017-16650 369 DoS 2017-11-07 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
162 CVE-2017-16649 369 DoS 2017-11-07 2018-11-28
7.2
None Local Low Not required Complete Complete Complete
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
163 CVE-2017-16648 416 DoS 2017-11-07 2018-10-31
7.2
None Local Low Not required Complete Complete Complete
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.
164 CVE-2017-16647 476 DoS 2017-11-07 2018-04-05
7.2
None Local Low Not required Complete Complete Complete
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
165 CVE-2017-16646 476 DoS 2017-11-07 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
166 CVE-2017-16645 125 DoS 2017-11-07 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
167 CVE-2017-16644 388 DoS 2017-11-07 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
168 CVE-2017-16643 125 DoS 2017-11-07 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
169 CVE-2017-16538 20 DoS 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
170 CVE-2017-16537 476 DoS 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
171 CVE-2017-16536 476 DoS 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
172 CVE-2017-16535 125 DoS 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
173 CVE-2017-16534 119 DoS Overflow 2017-11-03 2018-01-05
7.2
None Local Low Not required Complete Complete Complete
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
174 CVE-2017-16533 125 DoS 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
175 CVE-2017-16532 476 DoS 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
176 CVE-2017-16531 119 DoS Overflow 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
177 CVE-2017-16530 125 DoS 2017-11-03 2017-11-17
7.2
None Local Low Not required Complete Complete Complete
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.
178 CVE-2017-16529 125 DoS 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
179 CVE-2017-16528 416 DoS 2017-11-03 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
180 CVE-2017-16527 416 DoS 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
181 CVE-2017-16526 119 DoS Overflow 2017-11-03 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
182 CVE-2017-16525 416 DoS 2017-11-03 2018-03-15
7.2
None Local Low Not required Complete Complete Complete
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
183 CVE-2017-15951 20 DoS 2017-10-27 2017-11-13
7.2
None Local Low Not required Complete Complete Complete
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
184 CVE-2017-15868 20 +Priv 2017-12-05 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
185 CVE-2017-15265 416 DoS 2017-10-16 2019-04-23
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
186 CVE-2017-15126 416 2018-01-14 2018-05-06
9.3
None Remote Medium Not required Complete Complete Complete
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().
187 CVE-2017-15115 416 DoS 2017-11-15 2019-05-08
7.2
None Local Low Not required Complete Complete Complete
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
188 CVE-2017-15102 476 +Priv 2017-11-15 2019-05-08
6.9
None Local Medium Not required Complete Complete Complete
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
189 CVE-2017-14497 119 DoS Overflow Mem. Corr. 2017-09-15 2018-01-12
7.2
None Local Low Not required Complete Complete Complete
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
190 CVE-2017-13715 20 DoS Exec Code 2017-08-28 2017-09-08
10.0
None Remote Low Not required Complete Complete Complete
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
191 CVE-2017-13686 476 DoS 2017-08-24 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release.
192 CVE-2017-12762 119 Overflow 2017-08-09 2018-04-05
10.0
None Remote Low Not required Complete Complete Complete
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
193 CVE-2017-12188 22 DoS Exec Code Dir. Trav. 2017-10-11 2018-03-07
6.9
None Local Medium Not required Complete Complete Complete
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."
194 CVE-2017-12146 362 +Priv 2017-09-08 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
195 CVE-2017-11600 125 DoS 2017-07-24 2019-05-14
6.9
None Local Medium Not required Complete Complete Complete
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
196 CVE-2017-11473 119 Overflow +Priv 2017-07-20 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.
197 CVE-2017-11176 416 DoS 2017-07-11 2018-12-13
7.2
None Local Low Not required Complete Complete Complete
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
198 CVE-2017-10810 772 DoS 2017-07-04 2019-10-02
7.8
None Remote Low Not required None None Complete
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.
199 CVE-2017-10663 129 +Priv 2017-08-19 2017-08-23
7.2
None Local Low Not required Complete Complete Complete
The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.
200 CVE-2017-10662 +Priv 2017-08-19 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.
Total number of vulnerabilities : 987   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.