Vulnerabilities > Linux > Linux Kernel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-19 | CVE-2017-7979 | Improper Input Validation vulnerability in Linux Kernel 4.11 The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. | 7.8 |
| 2017-04-18 | CVE-2017-7645 | Improper Input Validation vulnerability in multiple products The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | 7.5 |
| 2017-04-17 | CVE-2017-7889 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | 7.8 |
| 2017-04-12 | CVE-2016-5856 | Permissions, Privileges, and Access Controls vulnerability in multiple products Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. | 7.0 |
| 2017-04-10 | CVE-2017-7618 | Infinite Loop vulnerability in Linux Kernel crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. | 7.5 |
| 2017-04-07 | CVE-2017-0583 | Unspecified vulnerability in Linux Kernel 3.10/3.18 An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-04-07 | CVE-2017-0582 | Unspecified vulnerability in Linux Kernel 3.10 An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. | 7.0 |
| 2017-04-07 | CVE-2017-0581 | Unspecified vulnerability in Linux Kernel 3.18 An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-04-07 | CVE-2017-0580 | Unspecified vulnerability in Linux Kernel 3.18 An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-04-07 | CVE-2017-0579 | Unspecified vulnerability in Linux Kernel 3.10/3.18 An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |