Vulnerabilities > Linux > Linux Kernel > 4.9.167

DATE CVE VULNERABILITY TITLE RISK
2017-08-31 CVE-2017-14051 Integer Overflow or Wraparound vulnerability in Linux Kernel
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
local
low complexity
linux CWE-190
4.4
2017-08-25 CVE-2017-13695 Information Exposure vulnerability in Linux Kernel
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
local
low complexity
linux CWE-200
5.5
2017-08-25 CVE-2017-13694 Information Exposure vulnerability in Linux Kernel
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
local
low complexity
linux CWE-200
5.5
2017-08-25 CVE-2017-13693 Information Exposure vulnerability in Linux Kernel
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
local
low complexity
linux CWE-200
5.5
2017-07-21 CVE-2017-7542 Unspecified vulnerability in Linux Kernel
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
local
low complexity
linux
5.5
2017-07-20 CVE-2017-11472 Improper Handling of Exceptional Conditions vulnerability in Linux Kernel
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
local
low complexity
linux CWE-755
7.1
2017-07-05 CVE-2017-10911 Information Exposure vulnerability in Linux Kernel
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
local
low complexity
linux CWE-200
6.5
2017-06-28 CVE-2017-9986 Out-of-bounds Read vulnerability in Linux Kernel
The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
local
low complexity
linux CWE-125
7.8
2017-06-19 CVE-2017-1000364 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
local
high complexity
linux CWE-119
7.4
2017-06-17 CVE-2017-1000380 Information Exposure vulnerability in Linux Kernel
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
local
low complexity
linux CWE-200
5.5