Vulnerabilities > Linux > Linux Kernel > 4.9.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-06 | CVE-2017-5550 | Information Exposure vulnerability in Linux Kernel Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. | 2.1 |
| 2017-02-06 | CVE-2017-5549 | Information Exposure Through Log Files vulnerability in Linux Kernel The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. | 2.1 |
| 2017-02-06 | CVE-2017-5548 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | 7.2 |
| 2017-02-06 | CVE-2017-5547 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | 7.8 |
| 2017-02-06 | CVE-2017-5546 | Unspecified vulnerability in Linux Kernel The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. | 7.8 |
| 2017-02-06 | CVE-2017-2596 | Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. | 6.5 |
| 2017-02-06 | CVE-2017-2583 | Unspecified vulnerability in Linux Kernel The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. | 8.4 |
| 2017-02-06 | CVE-2016-10208 | Out-of-bounds Read vulnerability in Linux Kernel The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. | 4.9 |
| 2017-02-06 | CVE-2016-10153 | Resource Management Errors vulnerability in Linux Kernel The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. | 7.2 |
| 2017-01-15 | CVE-2017-2584 | Use After Free vulnerability in Linux Kernel arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | 3.6 |