Search Results (2563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9684 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.
CVE-2017-16001 1 Hashicorp 1 Vagrant 2025-04-20 N/A
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVE-2015-5191 2 Linux, Vmware 2 Linux Kernel, Tools 2025-04-20 N/A
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2017-1000367 2 Redhat, Sudo Project 3 Enterprise Linux, Rhel Els, Sudo 2025-04-20 N/A
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
CVE-2014-9936 1 Google 1 Android 2025-04-20 N/A
In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel.
CVE-2017-8148 1 Huawei 2 P9, P9 Firmware 2025-04-20 N/A
Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot.
CVE-2017-13167 2 Google, Redhat 4 Android, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-20 N/A
An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.
CVE-2017-8257 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.
CVE-2017-8265 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.
CVE-2017-1000405 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-20 7.0 High
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.
CVE-2017-9685 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
CVE-2017-9682 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.
CVE-2017-5899 1 S-nail Project 1 S-nail 2025-04-20 N/A
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
CVE-2017-6346 1 Linux 1 Linux Kernel 2025-04-20 7.0 High
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
CVE-2017-7533 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more 2025-04-20 7.0 High
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
CVE-2017-10661 3 Debian, Linux, Redhat 12 Debian Linux, Linux Kernel, Enterprise Linux and 9 more 2025-04-20 7.0 High
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
CVE-2017-9718 1 Google 1 Android 2025-04-20 N/A
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.
CVE-2017-6979 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2017-7115 1 Apple 2 Iphone Os, Tvos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition.
CVE-2016-10200 3 Google, Linux, Redhat 6 Android, Linux Kernel, Enterprise Linux and 3 more 2025-04-20 7.0 High
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.