Vulnerabilities > Linux > Linux Kernel > 3.17.8

DATE CVE VULNERABILITY TITLE RISK
2015-06-07 CVE-2015-4001 Numeric Errors vulnerability in Linux Kernel
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
network
low complexity
linux CWE-189
critical
9.0
2015-05-27 CVE-2015-3332 Resource Management Errors vulnerability in multiple products
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.
local
low complexity
debian linux CWE-399
4.9
2015-03-16 CVE-2015-1420 Race Condition vulnerability in multiple products
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
1.9
2014-12-24 CVE-2014-4322 Out-Of-Bounds Write vulnerability in Linux Kernel
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.
local
low complexity
linux CWE-787
7.2
2014-12-12 CVE-2014-8134 The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
local
low complexity
linux canonical opensuse suse oracle
3.3
2014-06-07 CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
local
low complexity
linux redhat suse opensuse canonical oracle
7.8