Vulnerabilities > Linux > Linux Kernel > 3.5

DATE CVE VULNERABILITY TITLE RISK
2018-01-11 CVE-2018-5332 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
local
low complexity
linux debian canonical CWE-787
7.8
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8
2017-12-30 CVE-2017-17975 Use After Free vulnerability in Linux Kernel
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
local
low complexity
linux CWE-416
4.9
2017-12-27 CVE-2017-17864 Information Exposure vulnerability in Linux Kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
local
low complexity
linux debian CWE-200
2.1
2017-12-27 CVE-2017-17862 Improper Input Validation vulnerability in Linux Kernel
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers.
local
low complexity
linux debian CWE-20
4.9
2017-12-20 CVE-2017-17807 Missing Authorization vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
local
low complexity
linux CWE-862
2.1
2017-12-20 CVE-2017-17806 Out-of-bounds Write vulnerability in multiple products
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
7.8
2017-12-20 CVE-2017-17805 Improper Input Validation vulnerability in multiple products
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API.
7.8
2017-12-18 CVE-2017-17741 Out-of-bounds Read vulnerability in Linux Kernel
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
local
low complexity
linux debian CWE-125
2.1
2017-12-12 CVE-2017-17558 Out-of-bounds Write vulnerability in Linux Kernel
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
local
low complexity
linux suse CWE-787
7.2