Vulnerabilities > Linux > Linux Kernel > 4.9.19

DATE CVE VULNERABILITY TITLE RISK
2017-04-23 CVE-2017-8061 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
local
low complexity
linux CWE-119
7.2
2017-04-18 CVE-2017-7645 Improper Input Validation vulnerability in multiple products
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
network
low complexity
linux debian canonical CWE-20
7.5
2017-04-17 CVE-2017-7889 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
local
low complexity
linux debian canonical CWE-732
7.8
2017-04-10 CVE-2017-7618 Infinite Loop vulnerability in Linux Kernel
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
network
low complexity
linux CWE-835
7.5
2017-04-10 CVE-2017-7616 7PK - Errors vulnerability in Linux Kernel
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
local
low complexity
linux CWE-388
2.1
2017-04-05 CVE-2017-2671 Unspecified vulnerability in Linux Kernel
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
local
low complexity
linux
5.5
2017-03-31 CVE-2017-7374 Use After Free vulnerability in Linux Kernel
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
local
low complexity
linux CWE-416
7.8
2017-03-30 CVE-2017-7346 Improper Input Validation vulnerability in Linux Kernel
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.
local
low complexity
linux CWE-20
4.9
2017-03-29 CVE-2017-7308 Incorrect Conversion between Numeric Types vulnerability in Linux Kernel
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
local
low complexity
linux CWE-681
7.8
2017-03-29 CVE-2017-7294 Integer Overflow or Wraparound vulnerability in Linux Kernel
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
local
low complexity
linux CWE-190
7.8