Vulnerabilities > Linux > Linux Kernel > 3.18.47

DATE CVE VULNERABILITY TITLE RISK
2017-02-06 CVE-2017-5550 Information Exposure vulnerability in Linux Kernel
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.
local
low complexity
linux CWE-200
2.1
2017-02-06 CVE-2017-5549 Information Exposure Through Log Files vulnerability in Linux Kernel
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.
local
low complexity
linux CWE-532
2.1
2017-02-06 CVE-2017-2596 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
local
low complexity
linux CWE-772
6.5
2017-02-06 CVE-2017-2583 Unspecified vulnerability in Linux Kernel
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.
local
low complexity
linux
8.4
2017-02-06 CVE-2016-10208 Out-of-bounds Read vulnerability in Linux Kernel
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
local
low complexity
linux CWE-125
4.9
2017-01-18 CVE-2016-10147 NULL Pointer Dereference vulnerability in Linux Kernel
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).
local
low complexity
linux CWE-476
5.5
2017-01-15 CVE-2017-2584 Use After Free vulnerability in Linux Kernel
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
local
low complexity
linux CWE-416
3.6
2016-12-28 CVE-2016-9794 Use After Free vulnerability in Linux Kernel
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
local
low complexity
linux CWE-416
7.8
2016-12-28 CVE-2016-9793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
local
low complexity
linux CWE-119
7.8
2016-12-28 CVE-2016-9756 Information Exposure vulnerability in Linux Kernel
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
local
low complexity
linux CWE-200
2.1