VYPR

Kernel

by Linux

Source repositories

CVEs (15,817)

  • CVE-2018-18021HigOct 7, 2018
    risk 0.00cvss 7.1epss 0.01

    arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register…

  • CVE-2018-16597MedSep 21, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

  • CVE-2018-14641MedSep 18, 2018
    risk 0.00cvss 6.5epss 0.03

    A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an…

  • CVE-2018-10853HigSep 11, 2018
    risk 0.00cvss 7.0epss 0.00

    A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to…

  • CVE-2018-16658MedSep 7, 2018
    risk 0.00cvss 6.1epss 0.01

    An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to…

  • CVE-2018-16276HigAug 31, 2018
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.

  • CVE-2018-14619HigAug 30, 2018
    risk 0.00cvss 7.8epss 0.00

    A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading…

  • CVE-2018-10938MedAug 27, 2018
    risk 0.00cvss 5.9epss 0.05

    A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A…

  • CVE-2018-5953MedAug 7, 2018
    risk 0.00cvss 5.5epss 0.00

    The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.

  • CVE-2018-10883MedJul 30, 2018
    risk 0.00cvss 4.8epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

  • CVE-2017-2634HigJul 27, 2018
    risk 0.00cvss 7.5epss 0.05

    It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use…

  • CVE-2017-2618MedJul 27, 2018
    risk 0.00cvss 5.5epss 0.00

    A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

  • CVE-2018-10882MedJul 27, 2018
    risk 0.00cvss 4.8epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

  • CVE-2017-18344MedJul 26, 2018
    risk 0.00cvss 5.5epss 0.03

    The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows…

  • CVE-2018-10881MedJul 26, 2018
    risk 0.00cvss 4.2epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

  • CVE-2018-10879MedJul 26, 2018
    risk 0.00cvss 4.2epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

  • CVE-2018-10878HigJul 26, 2018
    risk 0.00cvss 7.8epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.

  • CVE-2018-10876MedJul 26, 2018
    risk 0.00cvss 5.0epss 0.01

    A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.

  • CVE-2018-10901HigJul 26, 2018
    risk 0.00cvss 7.8epss 0.01

    A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT,…

  • CVE-2018-10880MedJul 25, 2018
    risk 0.00cvss 5.5epss 0.03

    Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

Page 733 of 791