Vulnerability & Exploit Database

Displaying entries 1 - 10 of 56 in total

Results for: CVE-2017-3312 Back to search

SUSE: CVE-2017-16939: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: November 24, 2017

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

SUSE: CVE-2017-10661: SUSE Linux Security Advisory Vulnerability

  • Severity: 8
  • Published: August 19, 2017

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

Ubuntu: (Multiple Advisories) (CVE-2017-7895): Linux kernel (HWE) vulnerabilities Vulnerability

  • Severity: 10
  • Published: April 28, 2017

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

Ubuntu: (Multiple Advisories) (CVE-2016-9604): Linux kernel (Trusty HWE) vulnerabilities Vulnerability

  • Severity: 2
  • Published: April 28, 2017

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring....

SUSE: CVE-2017-7472: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: April 28, 2017

The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

SUSE: CVE-2016-9604: SUSE Linux Security Advisory Vulnerability

  • Severity: 2
  • Published: April 28, 2017

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring....

Red Hat: CVE-2016-9604: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Vulnerability

  • Severity: 2
  • Published: April 28, 2017

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring....