CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16535
https://notcve.org/view.php?id=CVE-2017-16535
04 Nov 2017 — The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. La función usb_get_bos_descriptor en drivers/usb/core/config.c en el kernel de Linux, en versiones anteriores a la 4.13.10, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, po... • http://www.securityfocus.com/bid/102022 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2017-16530
https://notcve.org/view.php?id=CVE-2017-16530
04 Nov 2017 — The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. El controlador uas en el kernel de Linux, en versiones anteriores a la 4.13.6, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen ot... • https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2017-16527
https://notcve.org/view.php?id=CVE-2017-16527
04 Nov 2017 — sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. sound/usb/mixer.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada snd_usb_mixer_interrupt y cierre inesperado del sistema) o, posiblemente, causen otros impactos no es... • https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-16526
https://notcve.org/view.php?id=CVE-2017-16526
04 Nov 2017 — drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. drivers/uwb/uwbd.c en el kernel de Linux, en versiones anteriores a la 4.13.6, permite que los usuarios locales provoquen una denegación de servicio (fallo de protección general y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema ma... • https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16538
https://notcve.org/view.php?id=CVE-2017-16538
04 Nov 2017 — drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). drivers/media/usb/dvb-usb-v2/lmedm04.c en el kernel de Linux hasta la versión 4.13.10 permite que los usuarios locales provoquen una denegación de servic... • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0CVE-2017-16525
https://notcve.org/view.php?id=CVE-2017-16525
04 Nov 2017 — The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. La función usb_serial_console_disconnect en drivers/usb/serial/console.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (uso de... • http://www.securityfocus.com/bid/102028 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2017-16529
https://notcve.org/view.php?id=CVE-2017-16529
04 Nov 2017 — The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. La función snd_usb_create_streams en sound/usb/card.c en el kernel de Linux, en versiones anteriores a la 4.13.6, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen o... • http://www.securityfocus.com/bid/103284 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16531
https://notcve.org/view.php?id=CVE-2017-16531
04 Nov 2017 — drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. drivers/usb/core/config.c en el kernel de Linux, en versiones anteriores a la 4.13.6, permite que los usuarios locales provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) o, posiblemente, causen otr... • http://www.securityfocus.com/bid/102025 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-15649 – Linux Kernel - 'AF_PACKET' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-15649
19 Oct 2017 — net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. net/packet/af_packet.c en versiones anteriores a la 4.13.6 del kernel de Linux permite que usuarios locales obtengan privilegios mediante llamadas manipuladas al sistema que dan lugar a... • https://www.exploit-db.com/exploits/44053 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15537
https://notcve.org/view.php?id=CVE-2017-15537
17 Oct 2017 — The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. El subsistema x86/fpu (Floating Point Unit) en el kernel de Linux en versiones an... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •