CVE-2018-13094

An issue was discovered in fs/xfs/libxfs/xfsattrleaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfsdashrinkinode is called with a NULL bp...

UBUNTU-CVE-2018-13094

An issue was discovered in fs/xfs/libxfs/xfsattrleaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfsdashrinkinode is called with a NULL bp...

Linux kernel memory misreference vulnerability (CNVD-2018-16259)

Linux kernel is the kernel used by Linux, an open source operating system released by the Linux Foundation in the U.S. The ntfs.ko filesystem driver is one of the drivers that supports the NTFS filesystem. A memory misreference vulnerability exists in the 'ntfsreadlockedinode' function of the...

Double free

ntfsreadlockedinode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service kernel oops or panic via a crafted ntfs filesystem...

CVE-2018-12929

ntfsreadlockedinode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service kernel oops or panic via a crafted ntfs filesystem...

CVE-2018-12930

ntfsendbufferasyncread in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

Stack overflow

ntfsattrfind in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

CVE-2018-12931

ntfsattrfind in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

CVE-2018-12931

ntfsattrfind in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

DEBIAN-CVE-2017-1000255

On Linux running on PowerPC hardware Power8 or later a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt, and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signa...

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2784-1) (BlueBorne)

This update for the Linux Kernel 3.12.60-5263 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial ...

CVE-2017-15274

A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer...

Null pointer dereference

security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service NULL pointer dereference and OOPS via a crafted addkey or keyctl system call, a different...

CVE-2017-12192

The keyctlreadkey function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service OOPS and system crash via a crafted...

CVE-2017-12192

CVE-2017-12192 affects the Linux kernel Key Management subcomponent: keyctl_read_key in security/keys/keyctl.c may be read on negatively instantiated keys, enabling a local attacker to cause a denial of service (kernel oops and crash). Affected: kernel before 4.13.5; fix implemented in 4.13.5 (Ch...

CVE-2017-14340

CVE-2017-14340 affects the Linux kernel prior to 4.13.2. The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h does not verify that a filesystem has a realtime device, enabling a local user to trigger a NULL pointer dereference and OOPS when setting the RHINHERIT flag on a directory. The issue re...

CVE-2017-14340

The XFSISREALTIMEINODE macro in fs/xfs/xfslinux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service NULL pointer dereference and OOPS via vectors related to setting an RHINHERIT flag on a directory...

UBUNTU-CVE-2017-8797

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used a...

Ubuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash)

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2017-7374 It was discovered that the stack guard page for processes in the Linux kernel was not...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20170525)

Security Fixes : - It was found that the packetsetring function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAPNETRAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due...