Vulnerabilities > Linux > Linux Kernel > 4.13.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-04 | CVE-2017-16536 | NULL Pointer Dereference vulnerability in Linux Kernel The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | 7.2 |
| 2017-11-04 | CVE-2017-16535 | Out-of-bounds Read vulnerability in Linux Kernel The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 7.2 |
| 2017-11-04 | CVE-2017-16533 | Out-of-bounds Read vulnerability in multiple products The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16532 | NULL Pointer Dereference vulnerability in multiple products The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16527 | Use After Free vulnerability in multiple products sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16525 | Use After Free vulnerability in multiple products The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. | 6.6 |
| 2017-10-28 | CVE-2017-15951 | Improper Input Validation vulnerability in Linux Kernel The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. | 7.8 |
| 2017-10-16 | CVE-2017-15265 | Use After Free vulnerability in Linux Kernel Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. | 7.0 |
| 2017-10-14 | CVE-2017-15299 | NULL Pointer Dereference vulnerability in Linux Kernel The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. | 5.5 |
| 2017-10-11 | CVE-2017-12188 | Stack-based Buffer Overflow vulnerability in Linux Kernel arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | 7.8 |