CVEs with nessus.description ==

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)
* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)
* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)
* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)
* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)
* kernel: Infinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)
* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)
* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)
* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)
* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)
* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)
* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)
* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)
* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)
* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)
* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118)
* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)
* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)
* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)
* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)
* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)
* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094

| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |