Vulnerabilities > Linux > Linux Kernel > 2.1.47

DATE CVE VULNERABILITY TITLE RISK
2017-04-18 CVE-2017-7645 Improper Input Validation vulnerability in multiple products
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
network
low complexity
linux debian canonical CWE-20
7.5
2017-04-17 CVE-2017-7889 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
local
low complexity
linux debian canonical CWE-732
7.8
2017-04-10 CVE-2017-7616 7PK - Errors vulnerability in Linux Kernel
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
local
low complexity
linux CWE-388
2.1
2017-04-05 CVE-2017-2671 Unspecified vulnerability in Linux Kernel
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
local
low complexity
linux
5.5
2017-04-04 CVE-2016-10318 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.
network
low complexity
linux CWE-264
4.0
2017-04-04 CVE-2014-9922 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
network
linux google CWE-264
critical
9.3
2017-03-31 CVE-2017-2647 NULL Pointer Dereference vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.
local
low complexity
linux CWE-476
7.8
2017-03-30 CVE-2017-7346 Improper Input Validation vulnerability in Linux Kernel
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.
local
low complexity
linux CWE-20
4.9
2017-03-28 CVE-2017-7277 Out-of-bounds Read vulnerability in Linux Kernel
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.
local
low complexity
linux CWE-125
6.6
2017-03-24 CVE-2017-7261 Improper Input Validation vulnerability in Linux Kernel
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.
local
low complexity
linux CWE-20
4.9