Vulnerabilities > Linux > Linux Kernel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-06 | CVE-2017-5549 | Information Exposure Through Log Files vulnerability in Linux Kernel The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. | 5.5 |
| 2017-02-06 | CVE-2017-2596 | Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. | 6.5 |
| 2017-02-06 | CVE-2016-10208 | Out-of-bounds Read vulnerability in Linux Kernel The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. | 4.3 |
| 2017-02-06 | CVE-2016-10154 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel 4.9 The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. | 5.5 |
| 2017-02-06 | CVE-2010-5328 | Improper Input Validation vulnerability in Linux Kernel include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group. | 5.5 |
| 2017-01-18 | CVE-2016-10147 | NULL Pointer Dereference vulnerability in Linux Kernel crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). | 5.5 |
| 2017-01-12 | CVE-2016-8475 | Information Exposure vulnerability in Linux Kernel 3.18 An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-01-12 | CVE-2016-8474 | Information Exposure vulnerability in Linux Kernel 3.10 An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-01-12 | CVE-2016-8473 | Information Exposure vulnerability in Linux Kernel 3.10 An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-01-12 | CVE-2016-8469 | Information Exposure vulnerability in Linux Kernel 3.10 An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |