180 matches found
CVE-2018-5391
CVE-2018-5391 affects the Linux kernel (3.9+) via FragmentSmack: IP fragment reassembly can be exploited to exhaust CPU and cause DoS. Citrix/Arista/CentOS advisories describe affected products and kernel updates; CentOS/RH advisories list patched versions and note the vulnerability stems from fr...
CVE-2018-13405
CVE-2018-13405 involves the Linux kernel inode_init_owner() logic where, in a scenario with an SGID directory and a writably user who is not in that group, a local user could create a plain file with the SGID group ownership and executable bits, effectively escalating privileges. Connected docume...
CVE-2017-18017
CVE-2017-18017 affects the Linux kernel’s tcpmss_mangle_packet in net/netfilter/xt_TCPMSS.c. When xt_TCPMSS is used in an iptables action, a remote attacker can trigger a use-after-free and memory corruption, leading to a denial of service. Affected versions are Linux kernel before 4.11, and 4.9....
CVE-2018-18955
CVE-2018-18955 affects Linux kernels 4.15.x–4.19.x, with privilege escalation via map_write() in kernel/user_namespace.c when nested user namespaces have more than 5 UID/GID ranges. A user with CAP_SYS_ADMIN in the affected namespace can bypass controls outside the namespace (e.g., read /etc/shad...
CVE-2018-9568
This CVE-2018-9568 entry concerns the Linux kernel socket code: In sk_clone_lock of sock.c, a memory corruption due to type confusion could allow local privilege escalation without user interaction. Affected product/version in the initial doc is Android kernel; connected MiracleLinux advisory con...
CVE-2018-5390
CVE-2018-5390 (SegmentSmack) affects Linux kernels 4.9+ where specially crafted TCP packets can trigger expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(), potentially exhausting CPU and causing DoS. The Citrix advisory corroborates that TCP reassembly issues can lead to CPU sa...
CVE-2018-10902
CVE-2018-10902 is a Linux kernel local privilege-escalation flaw in the raw MIDI driver. The issue arises from a race on concurrent access in the snd_rawmidi_ioctl() path (snd_rawmidi_input_params and snd_rawmidi_output_status), causing a double-free/double-realloc in the rawmidi.c handler. Explo...
CVE-2018-18397
The vulnerability CVE-2018-18397 affects the Linux kernel prior to 4.19.7, where the userfaultfd implementation mishandles access control for certain UFFDIO ioctls (fs/userfaultfd.c and mm/userfaultfd.c). A local attacker with read permissions on a tmpfs file containing holes could write data int...
CVE-2018-14634
CVE-2018-14634 is a Linux kernel integer overflow vulnerability in create_elf_tables(). An unprivileged local user with access to a SUID (or otherwise privileged) binary could escalate privileges. Documented vulnerable kernel families include 2.6.x, 3.10.x, and 4.14.x. Mitigations/recognitions ex...
CVE-2018-17972
The CVE-2018-17972 issue affects the Linux kernel (proc_pid_stack in fs/proc/base.c) up to 4.18.11, where an attacker with local access could exploit race in stack unwinding to leak kernel task stack contents. The root cause is insufficient restriction on inspecting kernel stacks, enabling local ...
CVE-2018-16884
The CVE-2018-16884 issue affects the Linux kernel NFS4.1+ client: mounting NFS shares across different network namespaces can cause a use-after-free in bc_svc_process() leading to memory corruption and potential host panic. Exploitation details in the provided sources are host/container local, wi...
CVE-2018-5803
CVE-2018-5803 affects the Linux kernel SCTP chunk handling: a length check flaw in _sctp_make_chunk() (net/sctp/sm_make_chunk.c) can trigger a kernel crash/DoS. Affected kernel versions include 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102. Public advisories (Debian, CentOS/Red Hat, Ubunt...
CVE-2018-1000026
CVE-2018-1000026 affects the Linux kernel in the Broadcom NetXtreme II (bnx2x) driver. The issue is described as insufficient input validation in the bnx2x driver that can allow a remote attacker to trigger a denial of service by sending specially crafted, very large packets, potentially from an ...
CVE-2018-1068
CVE-2018-1068 affects the Linux kernel: the 32-bit compatibility layer for ebtables did not sufficiently validate offset values in a 64-bit kernel. A local attacker with CAP_NET_ADMIN (in a namespace) could use this to overwrite kernel memory, potentially leading to privilege escalation. Public a...
CVE-2018-20169
CVE-2018-20169 affects the Linux kernel USB subsystem. It stems from missing size checks in __usb_get_extra_descriptor when reading an extra descriptor, potentially enabling denial-of-service (and, per CVSS hints, high impact on confidentiality/integrity/availability). Affected versions: Linux ke...
CVE-2018-1000204
CVE-2018-1000204 affects Linux kernel versions 3.18–4.16 where an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp can cause the kernel to copy up to 1000 heap pages to userspace. The root cause is improper handling of SG_IO data flow leading to information ...
CVE-2018-10323
CVE-2018-10323 relates to the Linux kernel where the function xfs_bmap_extents_to_btree in fs/xfs/libxfs/xfs_bmap.c can trigger a NULL pointer dereference in xfs_bmapi_write when processing crafted XFS images. The vulnerability affects kernels up to 4.16.3 and can lead to denial of service via lo...
CVE-2018-17182
Summary : CVE-2018-17182 is a Linux kernel use-after-free vulnerability in the vmacache subsystem. The root cause is that the function vmacache_flush_all mishandles sequence number overflows, allowing a local attacker to trigger a use-after-free via certain thread creation/map/unmap/invalidation/...
CVE-2018-1120
CVE-2018-1120 affects the Linux kernel prior to 4.17. By mmap()ing a FUSE-backed file into a process’s memory that contains command line arguments or environment strings, a local attacker can cause utilities that read /proc//cmdline or /proc//environ (e.g., ps, w) to block indefinitely or for a b...
CVE-2018-19854
CVE-2018-19854 affects the Linux kernel pre-4.19.3. In crypto/crypto_user.c (crypto user configuration API), structures copied to userspace are not fully initialized, potentially leaking memory to user processes. This is a regression from CVE-2013-2547 but with easier exploitability, requiring CO...
CVE-2018-1000199
The CVE-2018-1000199 entry concerns the Linux kernel (v3.18) where modify_user_hw_breakpoint() contains a ptrace-related handling flaw. This flaw can allow a local attacker to crash the kernel and, per other sources, may enable memory corruption or local code execution via ptrace. The issue is ro...
CVE-2018-10853
CVE-2018-10853: A security flaw in the Linux kernel KVM hypervisor (pre-4.18) where emulation of certain unprivileged instructions (sgdt, sidt, fxsave, fxrstor) did not check CPL, potentially allowing an unprivileged guest process to escalate privileges inside the guest. The CVE is linked to comm...
CVE-2018-14633
CVE-2018-14633 affects the Linux kernel iSCSI target code, specifically chap_server_compute_md5(), where an unauthenticated remote attacker can trigger a stack-based buffer overflow, potentially causing a denial of service or exposing data from an iSCSI target. Public disclosures in 2018 indicate...
CVE-2018-8781
CVE-2018-8781 affects the Linux kernel udl_fb_mmap() in udl_fb.c, with an integer overflow from kernel 3.4 up to 4.15. It allows a local user with udldrmfb driver access to obtain full read/write permissions on kernel physical pages, enabling kernel-space code execution. No patch/version remediat...
CVE-2018-7757
The CVE-2018-7757 issue affects the Linux kernel (up to version 4.15.7) and is caused by a memory leak in the sas_smp_get_phy_events function located at drivers/scsi/libsas/sas_expander.c. The vulnerability can lead to a denial of service due to memory consumption when a local attacker performs m...
CVE-2018-10322
CVE-2018-10322 affects the Linux kernel (up to 4.16.3) via the XFS inode verification path: xfs_dinode_verify in fs/xfs/libxfs/xfs_inode_buf.c can trigger an xfs_ilock_attr_map_shared invalid pointer dereference, allowing a local attacker to cause a denial of service. Exploitation status is not d...
CVE-2018-10940
CVE-2018-10940 affects the Linux kernel, where cdrom_ioctl_media_changed in drivers/cdrom/cdrom.c allows a local attacker to read kernel memory due to an incorrect bounds check in the CDROM_MEDIA_CHANGED ioctl. The vulnerability exists in versions before the 4.16.6 patch, which was released in th...
CVE-2018-10879
CVE-2018-10879 is a Linux kernel ext4 use-after-free vulnerability in ext4_xattr_set_entry. A local attacker can trigger a denial of service or other unspecified impact by renaming a file within a crafted ext4 image. The Connected documents corroborate the issue and list multiple advisories, but ...
CVE-2018-1130
CVE-2018-1130 is a Linux kernel vulnerability: a NULL pointer dereference in dccp_write_xmit() of net/dccp/output.c that can crash the system via crafted system calls, allowing local DoS. The Initial Description notes Linux kernel before 4.16-rc7 as vulnerable; connected advisories (Debian, CentO...
CVE-2018-10883
The CVE-2018-10883 issue affects the Linux kernel ext4 implementation. A local attacker can cause an out-of-bounds write in jbd2_journal_dirty_metadata() by mounting and operating on a crafted ext4 filesystem image, leading to denial of service and potential system crash. Public sources (USN-3871...
CVE-2018-10675
The CVE-2018-10675 issue affects the Linux kernel prior to 4.12.9, where the do_get_mempolicy function in mm/mempolicy.c allows a local attacker to trigger a use-after-free, leading to denial of service and potentially other impact. Affected versions include kernels compiled into Linux-based prod...
CVE-2018-1087
CVE-2018-1087 describes a vulnerability in the Linux kernel KVM where exceptions delivered after a stack switch (via Mov SS or Pop SS) were not properly handled. The flaw could allow an unprivileged KVM guest user to crash the guest or potentially escalate privileges within the guest. The descrip...
CVE-2018-15594
CVE-2018-15594 affects the Linux kernel arch/x86/paravirt.c, where mishandling of certain indirect calls weakens Spectre-v2 mitigations for paravirtual guests. The issue is addressed in kernel updates up to 4.18.1 (ChangeLog-4.18.1, commit 5800dc5c…). In practice, vulnerable systems running affec...
CVE-2018-18281
CVE-2018-18281 is a Linux kernel local vulnerability due to a race in mremap() where TLB flushes can occur too late, potentially allowing a process to access memory after it has been freed. The issue stems from moving page tables during mremap(), where stale TLB entries may remain until after the...
CVE-2018-13053
CVE-2018-13053 affects the Linux kernel alarm_timer_nsleep path (kernel/time/alarmtimer.c) through 4.17.3, due to an integer overflow when handling large relative timeouts because ktime_add_safe is not used. This is confirmed by multiple connected advisories (e.g., F5 security advisory summarizin...
CVE-2018-8822
The CVE-2018-8822 issue affects the Linux kernel, specifically the ncp_read_kernel handling in fs/ncpfs/ncplib_kernel.c and the corresponding code in drivers/staging/ncpfs/ncplib_kernel.c. The root cause is incorrect buffer length handling, reported for Linux kernel versions up to 4.15.11 and for...
CVE-2018-18559
CVE-2018-18559 affects the Linux kernel up to 4.19, caused by a use-after-free in a race between fanout_add from setsockopt and bind on AF_PACKET sockets. The issue stems from an incomplete fix (15fe076...) and a multithreaded sequence where a packet_do_bind unregister action followed by a packet...
CVE-2017-15129
CVE-2017-15129 describes a use-after-free in Linux kernel network namespaces: get_net_ns_by_id() may skip verifying net::count after locating a peer in netns_ids idr, enabling a double free and memory corruption. Affected: Linux kernel before 4.14.11; impact includes potential system crash and po...
CVE-2018-19824
CVE-2018-19824 is a local-use-after-free in the Linux kernel’s ALSA USB audio driver. A local attacker could trigger the flaw by attaching a malicious USB sound device (configured with zero interfaces), which is mishandled during usb_audio_probe in sound/usb/card.c. Affected software is the Linux...
CVE-2018-1092
CVE-2018-1092 : Linux kernel ext4 mounting a crafted ext4 image can trigger a NULL pointer dereference in ext4_iget, causing denial of service. This vulnerability is confirmed in multiple advisories (e.g., Debian/Ubuntu RedHat CLIs) and is addressed by applying vendor kernel updates to fixed vers...
CVE-2018-10878
CVE-2018-10878 is confirmed in the Linux kernel ext4 filesystem. The connected Nessus advisories reference a local attacker mounting a crafted ext4 image to trigger an out-of-bounds write, leading to denial of service and potential other impacts. Unity Linux UTSA advisories (e.g., UTSA-2026-00113...
CVE-2018-7566
CVE-2018-7566 is confirmed in the Connected documents as a Linux kernel 4.15 vulnerability. It describes a buffer overflow in ALSA/seq handling: an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write to /dev/snd/seq can be triggered by a local user. The affected component is the kernel’s sound/ALSA subsy...
CVE-2018-10880
CVE-2018-10880 is a Linux kernel/ext4 vulnerability: a stack-out-of-bounds write in ext4_update_inline_data() when mounting or writing to a crafted ext4 image, leading to a potential system crash and DoS. The issue originates from insufficient bounds checking in ext4’s handling of inline data dur...
CVE-2018-18445
CVE-2018-18445 affects the Linux kernel in 4.14.x–4.18.x; prior to 4.18.13, the BPF verifier’s adjust_scalar_min_max_vals mishandles 32-bit right shifts, enabling out-of-bounds memory accesses. Several advisories confirm the issue and reference the fix in 4.18.13 (and backported patches for earli...
CVE-2018-6927
CVE-2018-6927 concerns the Linux kernel futex_requeue implementation in kernel/futex.c. Multiple connected documents confirm a flaw where triggering a negative wake or requeue value can cause a denial of service via an integer overflow. Affected are kernel versions prior to 4.14.15 (and related u...
CVE-2018-1066
CVE-2018-1066 affects the Linux kernel prior to 4.11, where a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() can cause a kernel panic on clients mounting a CIFS server, due to mishandling of an empty TargetInfo field in NTLMSSP during session recovery. Connected documents co...
CVE-2018-15471
CVE-2018-15471 affects the Linux kernel Xen netback driver: the xenvif_set_hash_mapping function in drivers/net/xen-netback/hash.c handles request queue mapping with insufficient input validation (e.g., for integer overflow), causing out-of-bounds memory access. This can allow a malicious or bugg...
CVE-2018-7740
CVE-2018-7740 affects the Linux kernel, where the resv_map_release function in mm/hugetlb.c up to version 4.15.7 is vulnerable. A local attacker can cause a denial of service by crafting an app that uses mmap and a large pgoff with remap_file_pages, triggering a BUG. The connected Nessus reports ...
CVE-2017-18344
CVE-2017-18344 affects the Linux kernel before 4.14.8. The timer_create syscall in kernel/time/posix-timers.c fails to validate sigevent->sigev_notify, causing out-of-bounds access in show_timer when /proc/$PID/timers is read and enabling a local user to read arbitrary kernel memory on builds ...
CVE-2018-14646
CVE-2018-14646 path: Linux kernel contains a NULL pointer dereference in __netlink_ns_capable() (net/netlink/af_netlink.c). A local attacker with netnsid assigned to a net namespace can trigger a kernel panic, causing a denial of service. Connected advisories (e.g., Red Hat RHSA entries and Euler...