CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0339
https://notcve.org/view.php?id=CVE-2017-0339
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-27930566. • http://www.securityfocus.com/bid/97333 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01.html •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0329
https://notcve.org/view.php?id=CVE-2017-0329
An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. • http://www.securityfocus.com/bid/97353 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01.html •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0328
https://notcve.org/view.php?id=CVE-2017-0328
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. • http://www.securityfocus.com/bid/97347 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0325
https://notcve.org/view.php?id=CVE-2017-0325
An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.securityfocus.com/bid/97350 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-2671 – Linux Kernel - 'ping' Local Denial of Service
https://notcve.org/view.php?id=CVE-2017-2671
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. En LightDM en versiones hasta 1.22.0, un problema de directorio transversal en debian/guest-account.sh permite a atacantes locales allows local attackers poseer ubicaciones de ruta de directorio arbitrarias y escalar privilegios a raíz cuando el usuario invitado se cierra. A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system. The Linux kernel suffers from a ping local denial of service vulnerability. • https://www.exploit-db.com/exploits/42135 https://github.com/homjxi0e/CVE-2017-2671 http://openwall.com/lists/oss-security/2017/04/04/8 http://www.securityfocus.com/bid/97407 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2018:1854 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •