CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux : Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000004 362 DoS 2018-01-16 2018-02-02
7.1
None Remote Medium Not required None None Complete
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
2 CVE-2018-5703 787 DoS 2018-01-16 2018-02-15
10.0
None Remote Low Not required Complete Complete Complete
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
3 CVE-2018-5344 416 DoS 2018-01-12 2018-02-01
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
4 CVE-2017-1000407 754 DoS 2017-12-11 2018-02-03
6.1
None Local Network Low Not required None None Complete
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
5 CVE-2017-1000252 20 DoS 2017-09-26 2017-11-05
2.1
None Local Low Not required None None Partial
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
6 CVE-2017-18079 476 DoS 2018-01-29 2018-02-15
7.2
None Local Low Not required Complete Complete Complete
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
7 CVE-2017-18075 399 DoS 2018-01-24 2018-02-09
7.2
None Local Low Not required Complete Complete Complete
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
8 CVE-2017-18017 416 DoS Mem. Corr. 2018-01-03 2018-01-17
10.0
None Remote Low Not required Complete Complete Complete
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
9 CVE-2017-17975 416 DoS 2017-12-29 2018-01-10
4.9
None Local Low Not required None None Complete
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
10 CVE-2017-17863 190 DoS Overflow 2017-12-27 2018-01-12
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
11 CVE-2017-17862 20 DoS 2017-12-27 2018-01-12
4.9
None Local Low Not required None None Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
12 CVE-2017-17857 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
13 CVE-2017-17856 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.
14 CVE-2017-17855 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.
15 CVE-2017-17854 190 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
16 CVE-2017-17853 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
17 CVE-2017-17852 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.
18 CVE-2017-17805 20 DoS 2017-12-20 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
19 CVE-2017-17558 787 DoS 2017-12-12 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
20 CVE-2017-16996 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
21 CVE-2017-16995 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-12
7.2
None Local Low Not required Complete Complete Complete
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
22 CVE-2017-16939 264 DoS +Priv 2017-11-24 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
23 CVE-2017-16914 476 DoS 2018-01-31 2018-02-16
7.1
None Remote Medium Not required None None Complete
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
24 CVE-2017-16913 119 DoS Overflow 2018-01-31 2018-02-16
7.1
None Remote Medium Not required None None Complete
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.
25 CVE-2017-16912 125 DoS 2018-01-31 2018-02-16
7.1
None Remote Medium Not required None None Complete
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
26 CVE-2017-16650 369 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
27 CVE-2017-16649 369 DoS 2017-11-07 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
28 CVE-2017-16648 416 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.
29 CVE-2017-16647 476 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
30 CVE-2017-16646 476 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
31 CVE-2017-16645 125 DoS 2017-11-07 2017-11-28
7.2
None Local Low Not required Complete Complete Complete
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
32 CVE-2017-16644 388 DoS 2017-11-07 2017-12-24
7.2
None Local Low Not required Complete Complete Complete
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
33 CVE-2017-16643 125 DoS 2017-11-07 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
34 CVE-2017-16538 20 DoS 2017-11-03 2018-01-10
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
35 CVE-2017-16537 476 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
36 CVE-2017-16536 476 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
37 CVE-2017-16535 125 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
38 CVE-2017-16534 119 DoS Overflow 2017-11-03 2018-01-05
7.2
None Local Low Not required Complete Complete Complete
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
39 CVE-2017-16533 125 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
40 CVE-2017-16532 476 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
41 CVE-2017-16531 119 DoS Overflow 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
42 CVE-2017-16530 125 DoS 2017-11-03 2017-11-17
7.2
None Local Low Not required Complete Complete Complete
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.
43 CVE-2017-16529 125 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
44 CVE-2017-16528 416 DoS 2017-11-03 2017-11-17
7.2
None Local Low Not required Complete Complete Complete
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
45 CVE-2017-16527 416 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
46 CVE-2017-16526 119 DoS Overflow 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
47 CVE-2017-16525 416 DoS 2017-11-03 2018-02-03
7.2
None Local Low Not required Complete Complete Complete
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
48 CVE-2017-15951 20 DoS 2017-10-27 2017-11-13
7.2
None Local Low Not required Complete Complete Complete
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
49 CVE-2017-15306 476 DoS 2017-11-06 2017-11-28
4.9
None Local Low Not required None None Complete
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
50 CVE-2017-15299 476 DoS 2017-10-14 2018-02-03
4.9
None Local Low Not required None None Complete
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
Total number of vulnerabilities : 1131   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.