Vulnerabilities > Linux > Linux Kernel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-18 | CVE-2017-5986 | Reachable Assertion vulnerability in Linux Kernel Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. | 5.5 |
| 2017-02-14 | CVE-2017-5967 | Information Exposure vulnerability in Linux Kernel The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. | 4.0 |
| 2017-02-08 | CVE-2017-0451 | Information Exposure vulnerability in multiple products An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-02-08 | CVE-2017-0448 | Information Exposure vulnerability in multiple products An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2017-02-08 | CVE-2016-8414 | Information Exposure vulnerability in multiple products An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-02-06 | CVE-2017-5577 | 7PK - Errors vulnerability in Linux Kernel The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. | 5.5 |
| 2017-02-06 | CVE-2017-5551 | Unspecified vulnerability in Linux Kernel The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. | 4.4 |
| 2017-02-06 | CVE-2017-5550 | Information Exposure vulnerability in Linux Kernel Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. | 5.5 |
| 2017-02-06 | CVE-2017-5549 | Information Exposure Through Log Files vulnerability in Linux Kernel The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. | 5.5 |
| 2017-02-06 | CVE-2017-2596 | Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. | 6.5 |