CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9059
https://notcve.org/view.php?id=CVE-2017-9059
18 May 2017 — The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. La implementación NFSv4 en el kernel de Linux hasta versión 4.11.1, permite a los usuarios locales causar una denegación de servicio (consumo de recursos) para aprovechar el apagado inapropiado de la devolución de llamada de canal al desmontar un... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7495 – kernel: ext4: power failure during write(2) causes on-disk information leak
https://notcve.org/view.php?id=CVE-2017-7495
15 May 2017 — fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. En el archivo fs/ext4/inode.c en el kernel de Linux anterior a versión 4.6.2, cuando es usado el modo data=ordered de ext4, maneja inapropiadamente una lista de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7487 – Ubuntu Security Notice USN-3329-1
https://notcve.org/view.php?id=CVE-2017-7487
14 May 2017 — The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. La función ipxitf_ioctl en el archivo net/ipx/af_ipx.c en el kernel de Linux hasta la versión 4.11.1, maneja inapropiadamente conteos de referencias, lo que permite a los usuarios locales causar una denegación de servicio (uso de m... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80 • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8924 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2017-8924
12 May 2017 — The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. La función edge_bulk_in_callback en drivers/usb/serial/io_ti.c en el kernel de Linux anterior a 4.10.4 permite a los usuarios locales obtener información sensible (en el dmesg ringbuffer y s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8925 – Ubuntu Security Notice USN-3360-1
https://notcve.org/view.php?id=CVE-2017-8925
12 May 2017 — The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. La función omninet_open en drivers/usb/serial/omninet.c en kernel de Linux anterior a 4.10.4 permite a los usuarios locales causar una denegación de servicio (agotamiento de tty) aprovechando el manejo incorrecto del contador de referencia. USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30572418b445d85fcfe6c8fe84c947d2606767d8 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0628
https://notcve.org/view.php?id=CVE-2017-0628
12 May 2017 — An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. • http://www.securityfocus.com/bid/98211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0629
https://notcve.org/view.php?id=CVE-2017-0629
12 May 2017 — An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. • http://www.securityfocus.com/bid/98212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0609
https://notcve.org/view.php?id=CVE-2017-0609
12 May 2017 — An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. • http://www.securityfocus.com/bid/98174 •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0620
https://notcve.org/view.php?id=CVE-2017-0620
12 May 2017 — An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. • http://www.securityfocus.com/bid/98193 • CWE-20: Improper Input Validation CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0623
https://notcve.org/view.php?id=CVE-2017-0623
12 May 2017 — An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358. • http://www.securityfocus.com/bid/98199 •