Max CVSS | 7.8 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-1000204 | 6.3 |
Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in
|
05-08-2024 - 13:15 | 26-06-2018 - 14:29 | |
CVE-2018-10878 | 6.1 |
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
|
05-10-2023 - 14:15 | 26-07-2018 - 18:29 | |
CVE-2018-1000026 | 6.8 |
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear
|
03-10-2023 - 15:39 | 09-02-2018 - 23:29 | |
CVE-2018-1068 | 7.2 |
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
|
21-06-2023 - 15:56 | 16-03-2018 - 16:29 | |
CVE-2018-8781 | 7.2 |
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissi
|
03-03-2023 - 19:22 | 23-04-2018 - 19:29 | |
CVE-2018-14619 | 7.2 |
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed whi
|
24-02-2023 - 18:43 | 30-08-2018 - 12:29 | |
CVE-2018-11506 | 7.2 |
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes
|
24-02-2023 - 18:37 | 28-05-2018 - 04:29 | |
CVE-2018-1095 | 7.1 |
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of ser
|
13-02-2023 - 04:53 | 02-04-2018 - 03:29 | |
CVE-2018-1118 | 2.1 |
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel
|
13-02-2023 - 04:53 | 10-05-2018 - 22:29 | |
CVE-2018-1094 | 7.1 |
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system
|
13-02-2023 - 04:53 | 02-04-2018 - 03:29 | |
CVE-2018-1065 | 4.7 |
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_
|
13-02-2023 - 04:53 | 02-03-2018 - 08:29 | |
CVE-2018-10877 | 6.8 |
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
|
13-02-2023 - 04:51 | 18-07-2018 - 15:29 | |
CVE-2018-10879 | 6.1 |
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
|
13-02-2023 - 04:51 | 26-07-2018 - 18:29 | |
CVE-2018-10880 | 7.1 |
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
|
13-02-2023 - 04:51 | 25-07-2018 - 13:29 | |
CVE-2018-1092 | 7.1 |
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and
|
12-02-2023 - 23:32 | 02-04-2018 - 03:29 | |
CVE-2018-10882 | 4.9 |
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
|
12-02-2023 - 23:31 | 27-07-2018 - 18:29 | |
CVE-2018-10883 | 4.9 |
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
|
12-02-2023 - 23:31 | 30-07-2018 - 16:29 | |
CVE-2018-10881 | 4.9 |
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
|
12-02-2023 - 23:31 | 26-07-2018 - 18:29 | |
CVE-2017-18075 | 7.2 |
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree
|
07-02-2023 - 22:17 | 24-01-2018 - 10:29 | |
CVE-2017-17806 | 7.2 |
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HAS
|
19-01-2023 - 16:26 | 20-12-2017 - 23:29 | |
CVE-2018-9363 | 7.2 |
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kerne
|
19-01-2023 - 16:01 | 06-11-2018 - 17:29 | |
CVE-2017-17805 | 7.2 |
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service
|
19-01-2023 - 15:45 | 20-12-2017 - 23:29 | |
CVE-2018-5391 | 7.8 |
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments
|
28-12-2022 - 18:07 | 06-09-2018 - 21:29 | |
CVE-2018-13405 | 4.6 |
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a memb
|
06-04-2022 - 15:28 | 06-07-2018 - 14:29 | |
CVE-2018-3639 | 2.1 |
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
|
13-08-2021 - 15:26 | 22-05-2018 - 12:29 | |
CVE-2018-10322 | 4.9 |
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
|
16-10-2020 - 01:15 | 24-04-2018 - 06:29 | |
CVE-2017-18344 | 2.1 |
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID
|
15-10-2020 - 13:28 | 26-07-2018 - 19:29 | |
CVE-2018-5390 | 7.8 |
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
|
18-09-2020 - 16:14 | 06-08-2018 - 20:29 | |
CVE-2018-7566 | 4.6 |
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
|
24-08-2020 - 17:37 | 30-03-2018 - 21:29 | |
CVE-2018-5344 | 4.6 |
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
|
24-08-2020 - 17:37 | 12-01-2018 - 09:29 | |
CVE-2018-1120 | 3.5 |
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w
|
09-10-2019 - 23:38 | 20-06-2018 - 13:29 | |
CVE-2018-14641 | 7.1 |
A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configurati
|
09-10-2019 - 23:35 | 18-09-2018 - 13:29 | |
CVE-2018-7757 | 2.1 |
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy
|
03-10-2019 - 00:03 | 08-03-2018 - 14:29 | |
CVE-2017-18208 | 4.9 |
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
|
03-10-2019 - 00:03 | 01-03-2018 - 05:29 | |
CVE-2017-13166 | 4.6 |
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
|
03-10-2019 - 00:03 | 06-12-2017 - 14:29 | |
CVE-2018-5848 | 4.6 |
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS
|
02-05-2019 - 15:54 | 12-06-2018 - 20:29 | |
CVE-2018-5803 | 4.9 |
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
|
27-03-2019 - 16:17 | 12-06-2018 - 16:29 | |
CVE-2018-5750 | 2.1 |
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
|
07-03-2019 - 20:46 | 26-01-2018 - 19:29 | |
CVE-2018-10940 | 4.9 |
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
|
31-10-2018 - 10:30 | 09-05-2018 - 17:29 | |
CVE-2018-12232 | 7.1 |
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment t
|
31-10-2018 - 10:30 | 12-06-2018 - 12:29 | |
CVE-2018-1000200 | 4.9 |
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls m
|
31-10-2018 - 10:30 | 05-06-2018 - 13:29 | |
CVE-2017-16648 | 7.2 |
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB
|
31-10-2018 - 10:29 | 07-11-2017 - 23:29 |