VYPR

Linux Kernel

by Ubuntu

Source repositories

CVEs (1,433)

  • CVE-2018-18653Oct 26, 2018
    risk 0.00cvss epss 0.00

    The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in…

  • CVE-2018-18386Oct 17, 2018
    risk 0.00cvss epss 0.00

    drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

  • CVE-2018-18445Oct 17, 2018
    risk 0.00cvss epss 0.01

    In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

  • CVE-2018-5873HigJul 6, 2018
    risk 0.00cvss 7.0epss 0.01

    An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM,…

  • CVE-2018-13406HigJul 6, 2018
    risk 0.00cvss 7.8epss 0.01

    An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.

  • CVE-2018-13093MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that…

  • CVE-2018-12714CriJun 24, 2018
    risk 0.00cvss 9.8epss 0.05

    An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows…

  • CVE-2018-12633MedJun 22, 2018
    risk 0.00cvss 6.3epss 0.00

    An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the…

  • CVE-2018-11232MedMay 18, 2018
    risk 0.00cvss 5.5epss 0.00

    The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.

  • CVE-2018-10940MedMay 9, 2018
    risk 0.00cvss 5.5epss 0.01

    The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

  • CVE-2018-8087MedMar 13, 2018
    risk 0.00cvss 5.5epss 0.00

    Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.

  • CVE-2018-8043MedMar 10, 2018
    risk 0.00cvss 5.5epss 0.00

    The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

  • CVE-2015-5366Aug 31, 2015
    risk 0.00cvss epss 0.06

    The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a…

  • CVE-2015-4700Aug 31, 2015
    risk 0.00cvss epss 0.00

    The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.

  • CVE-2015-4167Aug 5, 2015
    risk 0.00cvss epss 0.00

    The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.

  • CVE-2015-4692Jul 27, 2015
    risk 0.00cvss epss 0.00

    The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

  • CVE-2015-2042Apr 21, 2015
    risk 0.00cvss epss 0.00

    net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

  • CVE-2015-0274Mar 16, 2015
    risk 0.00cvss epss 0.00

    The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem…

  • CVE-2014-7822Mar 16, 2015
    risk 0.00cvss epss 0.01

    The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a…

  • CVE-2014-6418Sep 28, 2014
    risk 0.00cvss epss 0.05

    net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph…

Page 68 of 72