CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-7184 – Linux Kernel XFRM Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-7184
19 Mar 2017 — The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. La función xfrm_replay_verify_len en net/xfrm/xfrm_user.c en el kernel ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0518
https://notcve.org/view.php?id=CVE-2017-0518
08 Mar 2017 — An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32370896. • http://www.securityfocus.com/bid/96950 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0455
https://notcve.org/view.php?id=CVE-2017-0455
08 Mar 2017 — An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. • http://www.securityfocus.com/bid/96812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0524
https://notcve.org/view.php?id=CVE-2017-0524
08 Mar 2017 — An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026. • http://www.securityfocus.com/bid/96808 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0536
https://notcve.org/view.php?id=CVE-2017-0536
08 Mar 2017 — An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878. • http://www.securityfocus.com/bid/96835 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8413
https://notcve.org/view.php?id=CVE-2016-8413
08 Mar 2017 — An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. • http://www.securityfocus.com/bid/96749 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0337
https://notcve.org/view.php?id=CVE-2017-0337
08 Mar 2017 — An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-31992762. • http://www.securityfocus.com/bid/96723 •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0527
https://notcve.org/view.php?id=CVE-2017-0527
08 Mar 2017 — An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318. • http://www.securityfocus.com/bid/96949 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0336
https://notcve.org/view.php?id=CVE-2017-0336
08 Mar 2017 — An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. • http://www.securitytracker.com/id/1037968 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0463
https://notcve.org/view.php?id=CVE-2017-0463
08 Mar 2017 — An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33277611. • http://www.securityfocus.com/bid/96948 • CWE-20: Improper Input Validation •