Vulnerabilities > Linux > Linux Kernel > 2.6.33.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-28 | CVE-2017-7895 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. | 9.8 |
2017-04-24 | CVE-2010-5329 | Resource Management Errors vulnerability in Linux Kernel The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value. | 4.9 |
2017-04-24 | CVE-2010-5321 | Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. | 4.3 |
2017-04-18 | CVE-2017-7645 | Improper Input Validation vulnerability in multiple products The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | 7.5 |
2017-04-17 | CVE-2017-7889 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | 7.8 |
2017-04-10 | CVE-2017-7616 | 7PK - Errors vulnerability in Linux Kernel Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. | 2.1 |
2017-04-05 | CVE-2017-2671 | Unspecified vulnerability in Linux Kernel The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. | 5.5 |
2017-04-04 | CVE-2016-10318 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. | 4.0 |
2017-04-04 | CVE-2014-9922 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. | 9.3 |
2017-03-31 | CVE-2017-2647 | NULL Pointer Dereference vulnerability in Linux Kernel The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. | 7.8 |