Vulnerabilities > Linux > Linux Kernel > 4.4.38

DATE CVE VULNERABILITY TITLE RISK
2017-11-04 CVE-2017-16533 Out-of-bounds Read vulnerability in multiple products
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux debian canonical CWE-125
6.6
2017-11-04 CVE-2017-16532 NULL Pointer Dereference vulnerability in multiple products
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux debian canonical CWE-476
6.6
2017-11-04 CVE-2017-16531 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
low complexity
linux CWE-119
6.6
2017-11-04 CVE-2017-16530 Out-of-bounds Read vulnerability in Linux Kernel
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.
low complexity
linux CWE-125
6.6
2017-11-04 CVE-2017-16529 Out-of-bounds Read vulnerability in multiple products
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical debian CWE-125
6.6
2017-11-04 CVE-2017-16528 Use After Free vulnerability in multiple products
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical CWE-416
6.6
2017-11-04 CVE-2017-16527 Use After Free vulnerability in multiple products
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical debian CWE-416
6.6
2017-11-04 CVE-2017-16526 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
local
low complexity
linux canonical debian CWE-119
7.8
2017-11-04 CVE-2017-16525 Use After Free vulnerability in multiple products
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
low complexity
linux debian canonical CWE-416
6.6
2017-10-28 CVE-2017-15951 Improper Input Validation vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
local
low complexity
linux CWE-20
7.8