In 2017, 555 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 94 were rated Critical, 327 High severity , and 1 was confirmed as actively exploited in the wild (CISA KEV) . Compared to 2016's 223 CVEs, 2017 represented an increase of 149% year-on-year. August was the most active month, with 121 CVEs published.
Monthly CVE Breakdown — 2017
CVEs published per month with severity breakdown
August (121) was the most active month in 2017. Together the top months account for a significant share of 2017's 555 total CVEs. January (3) had the lowest volume.
Severity Distribution — 2017
Breakdown across 555 CVEs
23% Medium · 59% High · 17% Critical.
Monthly Counts — 2017
CVE counts by month and severity
August was the most active month with 121 CVEs — 22% of 2017's total. January (3) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 3 | 0 | 2 | 1 | 0 |
1%
|
| February | 29 | 1 | 17 | 11 | 0 |
5%
|
| March | 23 | 2 | 13 | 7 | 1 |
4%
|
| April | 29 | 2 | 19 | 8 | 0 |
5%
|
| May | 40 | 0 | 30 | 10 | 0 |
7%
|
| June | 87 | 0 | 68 | 17 | 2 |
16%
|
| July | 11 | 0 | 9 | 2 | 0 |
2%
|
| August | 121 | 77 | 34 | 10 | 0 |
22%
|
| September | 36 | 0 | 19 | 17 | 0 |
6%
|
| October | 40 | 0 | 31 | 9 | 0 |
7%
|
| November | 67 | 0 | 38 | 29 | 0 |
12%
|
| December | 69 | 12 | 47 | 8 | 2 |
12%
|
| Total | 555 | 94 | 327 | 129 | 5 |
Actively exploited CVEs — 2017
1 CVE confirmed in CISA KEV catalog
All CVEs — 2017
555 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2017-6211 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the … | |
| CVE-2017-14918 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the … | |
| CVE-2017-14914 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles… | |
| CVE-2017-14909 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count… | |
| CVE-2017-14916 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer … | |
| CVE-2017-14917 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer … | |
| CVE-2017-15813 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffe… | |
| CVE-2017-14907 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptog… | |
| CVE-2017-9709 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privi… | |
| CVE-2017-14908 | linux | Critical | 9.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Saf… |
2017 Linux Kernel CVE Highlights
-
Monthly variation
CVE publication in 2017 was uneven across months. August was the most active with 121 CVEs. January (3) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.