Vulnerabilities > Linux > Linux Kernel > 4.4.74

DATE CVE VULNERABILITY TITLE RISK
2017-06-28 CVE-2017-9984 Out-of-bounds Read vulnerability in Linux Kernel
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
local
low complexity
linux CWE-125
7.8
2017-06-19 CVE-2017-1000371 Unspecified vulnerability in Linux Kernel
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker.
local
low complexity
linux
7.8
2017-06-19 CVE-2017-1000370 Unspecified vulnerability in Linux Kernel
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch.
local
low complexity
linux
7.8
2017-06-19 CVE-2017-1000365 Unspecified vulnerability in Linux Kernel
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation.
local
low complexity
linux
7.8
2017-06-19 CVE-2017-1000364 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
local
high complexity
linux CWE-119
7.4
2017-06-17 CVE-2017-1000380 Information Exposure vulnerability in Linux Kernel
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
local
low complexity
linux CWE-200
5.5
2017-06-13 CVE-2017-9605 Information Exposure vulnerability in Linux Kernel
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value.
local
low complexity
linux CWE-200
5.5
2017-05-27 CVE-2017-9242 Improper Input Validation vulnerability in Linux Kernel
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
local
low complexity
linux CWE-20
5.5
2017-05-23 CVE-2017-9211 NULL Pointer Dereference vulnerability in Linux Kernel
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
local
low complexity
linux CWE-476
5.5
2017-05-22 CVE-2017-9150 Information Exposure vulnerability in Linux Kernel
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
local
low complexity
linux CWE-200
5.5