Vulnerabilities > Linux > Linux Kernel > 3.10.108

DATE CVE VULNERABILITY TITLE RISK
2017-11-04 CVE-2017-16531 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
low complexity
linux CWE-119
6.6
2017-11-04 CVE-2017-16530 Out-of-bounds Read vulnerability in Linux Kernel
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.
low complexity
linux CWE-125
6.6
2017-11-04 CVE-2017-16529 Out-of-bounds Read vulnerability in multiple products
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical debian CWE-125
6.6
2017-11-04 CVE-2017-16527 Use After Free vulnerability in multiple products
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical debian CWE-416
6.6
2017-11-04 CVE-2017-16526 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
local
low complexity
linux canonical debian CWE-119
7.8
2017-10-14 CVE-2017-15299 NULL Pointer Dereference vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
local
low complexity
linux CWE-476
5.5
2017-10-12 CVE-2017-12192 NULL Pointer Dereference vulnerability in Linux Kernel
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.
local
low complexity
linux CWE-476
5.5
2017-09-26 CVE-2017-12154 Unspecified vulnerability in Linux Kernel
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
local
low complexity
linux
7.1
2017-09-20 CVE-2017-12168 Reachable Assertion vulnerability in Linux Kernel
The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).
local
low complexity
linux CWE-617
6.0
2017-09-12 CVE-2017-1000251 Out-of-bounds Write vulnerability in multiple products
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
low complexity
linux debian nvidia redhat CWE-787
8.0