CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-9074 – kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option
https://notcve.org/view.php?id=CVE-2017-9074
19 May 2017 — The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. La implementación IPv6 Fragmentation en el kernel de Linux hasta la versión 4.11.1 no considera que el campo nexthdr puede estar asociado a una opción no válida, lo que permite a los usuari... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2423496af35d94a87156b063ea5cedffc10a70a1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-9075 – kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
https://notcve.org/view.php?id=CVE-2017-9075
19 May 2017 — The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. La función sctp_v6_create_accept_sk en net/sctp/ipv6.c en el kernel de Linux hasta la versión 4.11.1 gestiona de manera incorrecta la herencia, lo que permite que usuarios locales provoquen una denegación de servicio (DoS) o, probablemente,... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-9076 – kernel: net: IPv6 DCCP implementation mishandles inheritance
https://notcve.org/view.php?id=CVE-2017-9076
19 May 2017 — The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. La función dccp_v6_request_recv_sock en el archivo net/dccp/ipv6.c en el kernel de Linux hasta versión 4.11.1, el manejo inapropiado de la herencia, permite a los usuarios locales causar una denegación de servicio o posiblemente tener otro... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9059
https://notcve.org/view.php?id=CVE-2017-9059
18 May 2017 — The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. La implementación NFSv4 en el kernel de Linux hasta versión 4.11.1, permite a los usuarios locales causar una denegación de servicio (consumo de recursos) para aprovechar el apagado inapropiado de la devolución de llamada de canal al desmontar un... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7495 – kernel: ext4: power failure during write(2) causes on-disk information leak
https://notcve.org/view.php?id=CVE-2017-7495
15 May 2017 — fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. En el archivo fs/ext4/inode.c en el kernel de Linux anterior a versión 4.6.2, cuando es usado el modo data=ordered de ext4, maneja inapropiadamente una lista de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7487
https://notcve.org/view.php?id=CVE-2017-7487
14 May 2017 — The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. La función ipxitf_ioctl en el archivo net/ipx/af_ipx.c en el kernel de Linux hasta la versión 4.11.1, maneja inapropiadamente conteos de referencias, lo que permite a los usuarios locales causar una denegación de servicio (uso de m... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80 • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8924
https://notcve.org/view.php?id=CVE-2017-8924
12 May 2017 — The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. La función edge_bulk_in_callback en drivers/usb/serial/io_ti.c en el kernel de Linux anterior a 4.10.4 permite a los usuarios locales obtener información sensible (en el dmesg ringbuffer y s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8925
https://notcve.org/view.php?id=CVE-2017-8925
12 May 2017 — The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. La función omninet_open en drivers/usb/serial/omninet.c en kernel de Linux anterior a 4.10.4 permite a los usuarios locales causar una denegación de servicio (agotamiento de tty) aprovechando el manejo incorrecto del contador de referencia. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30572418b445d85fcfe6c8fe84c947d2606767d8 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0626
https://notcve.org/view.php?id=CVE-2017-0626
12 May 2017 — An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. • http://www.securityfocus.com/bid/98202 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0609
https://notcve.org/view.php?id=CVE-2017-0609
12 May 2017 — An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. • http://www.securityfocus.com/bid/98174 •