Vulnerabilities > Linux > Linux Kernel > 3.10.59

DATE CVE VULNERABILITY TITLE RISK
2017-10-05 CVE-2017-1000253 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015).
local
low complexity
redhat centos linux CWE-119
7.8
2017-10-05 CVE-2017-1000112 Race Condition vulnerability in Linux Kernel
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch.
local
high complexity
linux CWE-362
7.0
2017-10-05 CVE-2017-1000111 Out-of-bounds Write vulnerability in multiple products
Linux kernel: heap out-of-bounds in AF_PACKET sockets.
local
low complexity
linux redhat debian CWE-787
7.8
2017-10-04 CVE-2017-14991 Information Exposure vulnerability in Linux Kernel
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
local
low complexity
linux CWE-200
2.1
2017-10-02 CVE-2017-14954 Information Exposure vulnerability in Linux Kernel
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
local
low complexity
linux CWE-200
2.1
2017-09-26 CVE-2017-12154 Unspecified vulnerability in Linux Kernel
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
local
low complexity
linux
7.1
2017-09-26 CVE-2017-1000252 Reachable Assertion vulnerability in Linux Kernel
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
local
low complexity
linux CWE-617
2.1
2017-09-21 CVE-2017-12153 NULL Pointer Dereference vulnerability in Linux Kernel
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3.
local
low complexity
linux debian canonical CWE-476
4.9
2017-09-20 CVE-2017-12168 Reachable Assertion vulnerability in Linux Kernel
The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).
local
low complexity
linux CWE-617
6.0
2017-09-15 CVE-2017-14340 NULL Pointer Dereference vulnerability in Linux Kernel
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
local
low complexity
linux CWE-476
4.9