Vulnerabilities > Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-23 CVE-2017-8062 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
local
low complexity
linux CWE-119
7.8
2017-04-23 CVE-2017-8061 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
local
low complexity
linux CWE-119
7.8
2017-04-19 CVE-2017-7979 Improper Input Validation vulnerability in Linux Kernel 4.11
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts.
local
low complexity
linux CWE-20
7.8
2017-04-18 CVE-2017-7645 Improper Input Validation vulnerability in multiple products
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
network
low complexity
linux debian canonical CWE-20
7.5
2017-04-17 CVE-2017-7889 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
local
low complexity
linux debian canonical CWE-732
7.8
2017-04-12 CVE-2016-5856 Permissions, Privileges, and Access Controls vulnerability in multiple products
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.
local
high complexity
linux google CWE-264
7.0
2017-04-10 CVE-2017-7618 Infinite Loop vulnerability in Linux Kernel
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
network
low complexity
linux CWE-835
7.5
2017-04-07 CVE-2017-0583 Unspecified vulnerability in Linux Kernel 3.10/3.18
An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux
7.0
2017-04-07 CVE-2017-0582 Unspecified vulnerability in Linux Kernel 3.10
An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub.
local
high complexity
linux
7.0
2017-04-07 CVE-2017-0581 Unspecified vulnerability in Linux Kernel 3.18
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux
7.0