CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6951 – kernel: NULL pointer dereference in keyring_search_aux function
https://notcve.org/view.php?id=CVE-2017-6951
The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. La función keyring_search_aux en security/keys/keyring.c en el kernel de Linux hasta la versión 3.14.79 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y OOPS) a través de una llamada al sistema request_key para el tipo "muerte". The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service via a request_key system call for the "dead" key type. • http://www.securityfocus.com/bid/96943 http://www.spinics.net/lists/keyrings/msg01845.html http://www.spinics.net/lists/keyrings/msg01846.html http://www.spinics.net/lists/keyrings/msg01849.html https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://access.redhat.com/security/cve/CVE-2017-6951 https://bugzilla.redhat.com/show_bug.cgi?id=1433252 • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0510
https://notcve.org/view.php?id=CVE-2017-0510
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555. • http://www.securityfocus.com/bid/96800 http://www.securitytracker.com/id/1037968 https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger https://source.android.com/security/bulletin/2017-03-01 https://source.android.com/security/bulletin/2017-03-01.html •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0519
https://notcve.org/view.php?id=CVE-2017-0519
An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32372915. • http://www.securityfocus.com/bid/96950 http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01 https://source.android.com/security/bulletin/2017-03-01.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0334
https://notcve.org/view.php?id=CVE-2017-0334
An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33245849. • http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0527
https://notcve.org/view.php?id=CVE-2017-0527
An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318. • http://www.securityfocus.com/bid/96949 http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01 https://source.android.com/security/bulletin/2017-03-01.html •