Vulnerabilities > Linux > Linux Kernel > 4.9.60

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2017-9211 NULL Pointer Dereference vulnerability in Linux Kernel
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
local
low complexity
linux CWE-476
4.9
2017-05-22 CVE-2017-9150 Information Exposure vulnerability in Linux Kernel
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
local
low complexity
linux CWE-200
2.1
2017-05-18 CVE-2017-9059 Improper Resource Shutdown or Release vulnerability in Linux Kernel
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.
local
low complexity
linux CWE-404
4.9
2017-05-12 CVE-2017-8925 Improper Resource Shutdown or Release vulnerability in Linux Kernel
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
local
low complexity
linux debian CWE-404
2.1
2017-05-12 CVE-2017-8924 Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
local
low complexity
linux debian CWE-191
2.1
2017-05-11 CVE-2017-7472 Improper Resource Shutdown or Release vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
local
low complexity
linux CWE-404
5.5
2017-05-08 CVE-2017-8831 Out-of-bounds Read vulnerability in multiple products
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.
6.9
2017-04-24 CVE-2010-5321 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761.
low complexity
linux CWE-772
4.3
2017-04-10 CVE-2017-7616 7PK - Errors vulnerability in Linux Kernel
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
local
low complexity
linux CWE-388
2.1
2017-04-05 CVE-2017-2671 Unspecified vulnerability in Linux Kernel
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
local
low complexity
linux
5.5