Vulnerabilities > Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-08 | CVE-2016-8413 | Information Exposure vulnerability in Linux Kernel 3.10/3.18 An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-03-01 | CVE-2017-6353 | Double Free vulnerability in Linux Kernel net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. | 5.5 |
| 2017-03-01 | CVE-2017-6348 | Unspecified vulnerability in Linux Kernel The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices. | 5.5 |
| 2017-02-18 | CVE-2017-5986 | Reachable Assertion vulnerability in Linux Kernel Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. | 5.5 |
| 2017-02-14 | CVE-2017-5967 | Information Exposure vulnerability in Linux Kernel The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. | 4.0 |
| 2017-02-08 | CVE-2017-0451 | Information Exposure vulnerability in multiple products An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-02-08 | CVE-2017-0448 | Information Exposure vulnerability in multiple products An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2017-02-08 | CVE-2016-8414 | Information Exposure vulnerability in multiple products An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. | 4.7 |
| 2017-02-06 | CVE-2017-5577 | 7PK - Errors vulnerability in Linux Kernel The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. | 5.5 |
| 2017-02-06 | CVE-2017-5551 | Unspecified vulnerability in Linux Kernel The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. | 4.4 |