Vulnerabilities > Linux > Linux Kernel > 2.6.15.4

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2017-17807 Missing Authorization vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
local
low complexity
linux CWE-862
2.1
2017-12-20 CVE-2017-17806 Out-of-bounds Write vulnerability in multiple products
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
7.8
2017-12-18 CVE-2017-17741 Out-of-bounds Read vulnerability in Linux Kernel
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
local
low complexity
linux debian CWE-125
2.1
2017-12-12 CVE-2017-17558 Out-of-bounds Write vulnerability in Linux Kernel
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
local
low complexity
linux suse CWE-787
7.2
2017-12-07 CVE-2017-17450 Missing Authorization vulnerability in Linux Kernel
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
local
low complexity
linux CWE-862
4.6
2017-12-07 CVE-2017-17449 Information Exposure vulnerability in Linux Kernel
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
local
linux CWE-200
1.9
2017-12-07 CVE-2017-17448 Missing Authorization vulnerability in Linux Kernel
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.
local
low complexity
linux CWE-862
4.6
2017-12-05 CVE-2017-8824 Use After Free vulnerability in Linux Kernel
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
local
low complexity
linux CWE-416
7.8
2017-11-30 CVE-2017-15116 NULL Pointer Dereference vulnerability in multiple products
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
local
low complexity
linux redhat CWE-476
5.5
2017-11-27 CVE-2017-16994 Information Exposure vulnerability in Linux Kernel
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
local
low complexity
linux CWE-200
2.1