| Max CVSS | 7.2 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-1000204 | 6.3 |
Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in
|
11-04-2024 - 00:59 | 26-06-2018 - 14:29 | |
| CVE-2018-12233 | 6.8 |
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered b
|
09-02-2024 - 19:12 | 12-06-2018 - 12:29 | |
| CVE-2018-13406 | 7.2 |
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
|
24-02-2023 - 18:37 | 06-07-2018 - 14:29 | |
| CVE-2018-11506 | 7.2 |
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes
|
24-02-2023 - 18:37 | 28-05-2018 - 04:29 | |
| CVE-2018-10840 | 7.2 |
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
|
13-02-2023 - 04:50 | 16-07-2018 - 20:29 | |
| CVE-2018-10881 | 4.9 |
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
|
12-02-2023 - 23:31 | 26-07-2018 - 18:29 | |
| CVE-2018-1108 | 4.3 |
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
|
29-11-2022 - 18:45 | 21-05-2018 - 21:29 | |
| CVE-2018-13405 | 4.6 |
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a memb
|
06-04-2022 - 15:28 | 06-07-2018 - 14:29 | |
| CVE-2018-10323 | 4.9 |
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
|
08-09-2020 - 19:15 | 24-04-2018 - 06:29 | |
| CVE-2018-1120 | 3.5 |
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w
|
09-10-2019 - 23:38 | 20-06-2018 - 13:29 | |
| CVE-2018-12904 | 4.4 |
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
|
03-10-2019 - 00:03 | 27-06-2018 - 11:29 | |
| CVE-2018-5814 | 6.9 |
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by s
|
20-05-2019 - 15:29 | 12-06-2018 - 16:29 | |
| CVE-2018-13094 | 4.3 |
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
|
23-04-2019 - 17:29 | 03-07-2018 - 10:29 | |
| CVE-2018-11412 | 4.3 |
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a d
|
15-03-2019 - 13:54 | 24-05-2018 - 18:29 | |
| CVE-2018-9415 | 4.6 |
In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploita
|
12-12-2018 - 21:36 | 06-11-2018 - 17:29 | |
| CVE-2018-12232 | 7.1 |
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment t
|
31-10-2018 - 10:30 | 12-06-2018 - 12:29 | |
| CVE-2018-1000200 | 4.9 |
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls m
|
31-10-2018 - 10:30 | 05-06-2018 - 13:29 | |
| CVE-2018-1093 | 7.1 |
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bi
|
29-08-2018 - 10:29 | 02-04-2018 - 03:29 |