| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-8106 |
476 |
|
DoS |
2017-04-24 |
2017-05-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer. |
|
2 |
CVE-2014-9090 |
17 |
|
DoS |
2014-11-30 |
2015-06-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. |
|
3 |
CVE-2014-8989 |
264 |
|
Bypass |
2014-11-30 |
2017-01-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. |
|
4 |
CVE-2014-8884 |
119 |
|
DoS Overflow +Priv |
2014-11-30 |
2018-01-05 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. |
|
5 |
CVE-2014-8133 |
264 |
|
Bypass |
2014-12-17 |
2016-12-24 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. |
|
6 |
CVE-2014-7842 |
362 |
|
DoS |
2014-11-30 |
2017-01-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. |
|
7 |
CVE-2014-7841 |
399 |
|
DoS |
2014-11-30 |
2017-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. |
|
8 |
CVE-2014-3688 |
399 |
|
DoS |
2014-11-30 |
2016-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. |
|
9 |
CVE-2014-1446 |
399 |
|
+Info |
2014-01-18 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. |
|
10 |
CVE-2014-1438 |
264 |
|
DoS +Priv |
2014-01-18 |
2014-03-16 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application. |
|
11 |
CVE-2014-0038 |
20 |
2
|
+Priv |
2014-02-06 |
2018-01-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. |
|
12 |
CVE-2012-6638 |
399 |
|
DoS |
2014-02-15 |
2014-02-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663. |
