Vulnerabilities > Linux > Linux Kernel > 4.4.46

DATE CVE VULNERABILITY TITLE RISK
2017-07-05 CVE-2017-10911 Information Exposure vulnerability in Linux Kernel
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
local
low complexity
linux CWE-200
4.9
2017-07-04 CVE-2017-10810 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.
network
low complexity
linux debian CWE-772
7.5
2017-07-02 CVE-2017-8797 Improper Validation of Array Index vulnerability in Linux Kernel
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker.
network
low complexity
linux CWE-129
7.5
2017-06-28 CVE-2017-9986 Out-of-bounds Read vulnerability in Linux Kernel
The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
local
low complexity
linux CWE-125
7.2
2017-06-28 CVE-2017-9985 Out-of-bounds Read vulnerability in multiple products
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
local
low complexity
linux canonical CWE-125
7.8
2017-06-28 CVE-2017-9984 Out-of-bounds Read vulnerability in Linux Kernel
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
local
low complexity
linux CWE-125
7.8
2017-06-19 CVE-2017-1000379 Unspecified vulnerability in Linux Kernel
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack.
local
low complexity
linux
7.8
2017-06-19 CVE-2017-1000371 Unspecified vulnerability in Linux Kernel
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker.
local
low complexity
linux
7.8
2017-06-19 CVE-2017-1000370 Unspecified vulnerability in Linux Kernel
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch.
local
low complexity
linux
7.8
2017-06-19 CVE-2017-1000365 Unspecified vulnerability in Linux Kernel
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation.
local
low complexity
linux
7.8