Vulnerabilities > Linux > Linux Kernel > 4.9.147
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-09 | CVE-2017-15129 | Race Condition vulnerability in multiple products A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. | 4.7 |
| 2017-12-30 | CVE-2017-17975 | Use After Free vulnerability in Linux Kernel Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. | 4.9 |
| 2017-12-27 | CVE-2017-17864 | Information Exposure vulnerability in Linux Kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." | 2.1 |
| 2017-12-27 | CVE-2017-17862 | Improper Input Validation vulnerability in Linux Kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. | 4.9 |
| 2017-12-20 | CVE-2017-17807 | Missing Authorization vulnerability in Linux Kernel The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. | 2.1 |
| 2017-12-18 | CVE-2017-17741 | Out-of-bounds Read vulnerability in Linux Kernel The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | 2.1 |
| 2017-12-12 | CVE-2017-17558 | Out-of-bounds Write vulnerability in Linux Kernel The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. | 7.2 |
| 2017-12-11 | CVE-2017-1000407 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | 6.1 |
| 2017-12-07 | CVE-2017-1000410 | Information Exposure vulnerability in Linux Kernel The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. | 5.0 |
| 2017-12-07 | CVE-2017-17450 | Missing Authorization vulnerability in Linux Kernel net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. | 4.6 |