Vulnerabilities > Linux > Linux Kernel > 4.9.215

DATE CVE VULNERABILITY TITLE RISK
2017-11-07 CVE-2017-16643 Out-of-bounds Read vulnerability in Linux Kernel
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
local
low complexity
linux CWE-125
7.2
2017-11-06 CVE-2017-15306 NULL Pointer Dereference vulnerability in Linux Kernel
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
local
low complexity
linux CWE-476
4.9
2017-11-04 CVE-2017-16538 Improper Input Validation vulnerability in Linux Kernel
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
local
low complexity
linux CWE-20
7.2
2017-11-04 CVE-2017-16537 NULL Pointer Dereference vulnerability in Linux Kernel
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
local
low complexity
linux CWE-476
7.2
2017-11-04 CVE-2017-16536 NULL Pointer Dereference vulnerability in Linux Kernel
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
local
low complexity
linux CWE-476
7.2
2017-11-04 CVE-2017-16535 Out-of-bounds Read vulnerability in Linux Kernel
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
local
low complexity
linux CWE-125
7.2
2017-10-19 CVE-2017-15649 Race Condition vulnerability in Linux Kernel
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
local
low complexity
linux CWE-362
4.6
2017-10-17 CVE-2017-15537 Information Exposure vulnerability in Linux Kernel
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
local
low complexity
linux CWE-200
2.1
2017-10-14 CVE-2017-15299 NULL Pointer Dereference vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
local
low complexity
linux CWE-476
5.5
2017-10-12 CVE-2017-15274 NULL Pointer Dereference vulnerability in Linux Kernel
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
local
low complexity
linux CWE-476
4.9