Vulnerabilities > Linux > Linux Kernel > 2.6.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-04 | CVE-2017-16531 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. | 6.6 |
2017-11-04 | CVE-2017-16530 | Out-of-bounds Read vulnerability in Linux Kernel The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. | 6.6 |
2017-11-04 | CVE-2017-16529 | Out-of-bounds Read vulnerability in multiple products The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
2017-11-04 | CVE-2017-16527 | Use After Free vulnerability in multiple products sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
2017-11-04 | CVE-2017-16526 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. | 7.8 |
2017-10-29 | CVE-2006-5331 | Data Processing Errors vulnerability in Linux Kernel The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction. | 4.9 |
2017-10-19 | CVE-2017-15649 | Race Condition vulnerability in Linux Kernel net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. | 4.6 |
2017-10-17 | CVE-2017-15537 | Information Exposure vulnerability in Linux Kernel The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. | 2.1 |
2017-10-16 | CVE-2017-15265 | Use After Free vulnerability in Linux Kernel Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. | 7.0 |
2017-10-14 | CVE-2017-15299 | NULL Pointer Dereference vulnerability in Linux Kernel The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. | 5.5 |