Vulnerabilities (CVE)

Vendor filter

Linux Subscribe

Filter

2198 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18710 1 Linux 1 Linux Kernel 2018-12-07 2.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with...
CVE-2018-10840 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2018-12-07 7.2
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
CVE-2016-1583 3 Linux, Canonical, Novell 9 Ubuntu Linux, Suse Linux Enterprise Live Patching, Suse Linux Enterprise Software Development Kit and 6 more 2018-12-06 7.2
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc...
CVE-2018-6559 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2018-12-06 2.1
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
CVE-2018-18445 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2018-12-06 7.2
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles...
CVE-2018-18386 1 Linux 1 Linux Kernel 2018-12-06 2.1
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
CVE-2018-17972 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2018-12-06 4.9
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack...
CVE-2018-18559 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2018-12-06 6.8
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for...
CVE-2018-7566 2 Suse, Linux 3 Linux Enterprise Module For Public Cloud, Linux Kernel, Linux Enterprise Server 2018-11-30 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2018-5390 7 Cisco, F5, Redhat and 4 more 36 Collaboration Meeting Rooms, Digital Network Architecture Center, Expressway and 33 more 2018-11-30 7.8
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-10901 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2018-11-30 7.2
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place...
CVE-2018-10675 1 Linux 1 Linux Kernel 2018-11-30 7.2
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2018-1000004 1 Linux 1 Linux Kernel 2018-11-30 7.1
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
CVE-2017-9074 1 Linux 1 Linux Kernel 2018-11-30 7.2
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or...
CVE-2017-8824 1 Linux 1 Linux Kernel 2018-11-30 7.2
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
CVE-2017-7645 1 Linux 1 Linux Kernel 2018-11-30 7.8
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
CVE-2017-7542 1 Linux 1 Linux Kernel 2018-11-30 4.9
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
CVE-2017-18017 1 Linux 1 Linux Kernel 2018-11-30 10.0
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified...
CVE-2017-15265 1 Linux 1 Linux Kernel 2018-11-30 6.9
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to...
CVE-2017-11176 2 Linux, Debian 2 Linux Kernel, Debian Linux 2018-11-30 7.2
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or...