The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2017-16531 | drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. | HIGH | Nov 4, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-16532 | The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | HIGH | Nov 4, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2017-16533 | The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | HIGH | Nov 4, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-16534 | The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | HIGH | Nov 4, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-16535 | The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | HIGH | Nov 4, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-16537 | The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | HIGH | Nov 4, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2017-16538 | drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). | HIGH | Nov 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15996 | elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a buffer overflow on fuzzed archive header, related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. | MEDIUM | Nov 1, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-1000255 | On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: 5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace) which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. | MEDIUM | Oct 31, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-13089 | The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk\'s length, but doesn\'t check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. | HIGH | Oct 28, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-13090 | The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk\'s length, but doesn\'t check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. | HIGH | Oct 28, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15908 | In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the \'systemd-resolved\' service and cause a DoS of the affected service. | MEDIUM | Oct 28, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15938 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). | MEDIUM | Oct 27, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15939 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. | MEDIUM | Oct 27, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15951 | The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the negative state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. | HIGH | Oct 27, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15804 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | High | Oct 25, 2017 | 10.17.41.9 (Wind River Linux LTS 17) |
| CVE-2017-15906 | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | MEDIUM | Oct 25, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15186 | Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | MEDIUM | Oct 24, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15265 | Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. | Medium | Oct 24, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-15289 | The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. | Low | Oct 24, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15670 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | High | Oct 24, 2017 | 10.17.41.9 (Wind River Linux LTS 17) |
| CVE-2017-15671 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). | Medium | Oct 24, 2017 | 10.17.41.9 (Wind River Linux LTS 17) |
| CVE-2017-15873 | The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. | MEDIUM | Oct 24, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15649 | net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. | MEDIUM | Oct 19, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-14952 | Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a redundant UVector entry clean up function call issue. | HIGH | Oct 16, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-13077 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13078 | Wi-Fi Protected Access (WPA and WPA2) allowsreinstallation of the group key in the Four-way handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13079 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key in the Four-way handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13080 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the group key in the Group Key handshake. | LOW | Oct 16, 2017 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2017-13081 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key in the Group Key handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13082 | Wi-Fi Protected Access (WPA and WPA2) accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13086 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13087 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13088 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-15298 | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. | MEDIUM | Oct 14, 2017 | 10.17.41.16 (Wind River Linux LTS 17) |
| CVE-2017-15299 | The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. | MEDIUM | Oct 14, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2017-15268 | Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | MEDIUM | Oct 12, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15286 | SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. | MEDIUM | Oct 12, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-12188 | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an MMU potential stack buffer overrun. | MEDIUM | Oct 11, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-12192 | A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel. | MEDIUM | Oct 11, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-13720 | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because \'\\0\' characters are incorrectly skipped in situations involving ? characters. | LOW | Oct 11, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-13722 | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | LOW | Oct 11, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-2888 | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | MEDIUM | Oct 11, 2017 | 10.17.41.15 (Wind River Linux LTS 17) |
| CVE-2017-14933 | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | Medium | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14934 | process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | Medium | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15225 | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | MEDIUM | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-1000254 | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. | MEDIUM | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-13721 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | LOW | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-13723 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | MEDIUM | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15038 | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. | LOW | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
