Vulnerabilities > Linux > Linux Kernel > 4.8.16

DATE CVE VULNERABILITY TITLE RISK
2017-02-14 CVE-2017-5970 NULL Pointer Dereference vulnerability in Linux Kernel
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
network
low complexity
linux CWE-476
5.0
2017-02-14 CVE-2017-5967 Information Exposure vulnerability in Linux Kernel
The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.
local
low complexity
linux CWE-200
2.1
2017-02-06 CVE-2017-5577 7PK - Errors vulnerability in Linux Kernel
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call.
local
low complexity
linux CWE-388
4.9
2017-02-06 CVE-2017-5576 Integer Overflow or Wraparound vulnerability in Linux Kernel
Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call.
local
low complexity
linux CWE-190
7.8
2017-02-06 CVE-2017-5551 Local Denial of Service vulnerability in Linux Kernel
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
local
low complexity
linux
3.6
2017-02-06 CVE-2017-5550 Information Exposure vulnerability in Linux Kernel
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.
local
low complexity
linux CWE-200
2.1
2017-02-06 CVE-2017-5549 Information Exposure Through Log Files vulnerability in Linux Kernel
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.
local
low complexity
linux CWE-532
2.1
2017-02-06 CVE-2017-5547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
local
low complexity
linux CWE-119
7.8
2017-02-06 CVE-2017-5546 Unspecified vulnerability in Linux Kernel
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number.
local
low complexity
linux
7.8
2017-02-06 CVE-2017-2596 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
local
low complexity
linux CWE-772
6.5