VYPR

Vendor CVEs

Linux

All CVEs

15,975 total · sorted by risk
  • CVE-2019-8956HigApr 1, 2019
    risk 0.00cvss 7.8epss 0.01

    In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

  • CVE-2019-9857MedMar 21, 2019
    risk 0.00cvss 5.5epss 0.00

    In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a…

  • CVE-2019-9003HigFeb 22, 2019
    risk 0.00cvss 7.5epss 0.05

    In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.

  • CVE-2018-20784CriFeb 22, 2019
    risk 0.00cvss 9.8epss 0.04

    In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.

  • CVE-2017-18360MedJan 31, 2019
    risk 0.00cvss 5.5epss 0.00

    In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.

  • CVE-2019-5489MedJan 7, 2019
    risk 0.00cvss 5.5epss 0.01

    The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the…

  • CVE-2019-3701MedJan 3, 2019
    risk 0.00cvss 4.4epss 0.01

    An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame…

  • CVE-2018-20511MedDec 27, 2018
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT…

  • CVE-2018-20169MedDec 17, 2018
    risk 0.00cvss 6.8epss 0.01

    An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

  • CVE-2018-18397MedDec 12, 2018
    risk 0.00cvss 5.5epss 0.01

    The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains…

  • CVE-2018-19854MedDec 4, 2018
    risk 0.00cvss 4.7epss 0.00

    An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user…

  • CVE-2018-19824HigDec 3, 2018
    risk 0.00cvss 7.8epss 0.01

    In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

  • CVE-2018-14646MedNov 26, 2018
    risk 0.00cvss 5.5epss 0.00

    The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic…

  • CVE-2018-18281HigOct 30, 2018
    risk 0.00cvss 7.8epss 0.01

    Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits…

  • CVE-2018-18710MedOct 29, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to…

  • CVE-2018-18690MedOct 26, 2018
    risk 0.00cvss 5.5epss 0.01

    In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in…

  • CVE-2018-18386LowOct 17, 2018
    risk 0.00cvss 3.3epss 0.00

    drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

  • CVE-2018-18445HigOct 17, 2018
    risk 0.00cvss 7.8epss 0.01

    In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

  • CVE-2018-14656HigOct 8, 2018
    risk 0.00cvss 7.0epss 0.01

    A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.

  • CVE-2018-18021HigOct 7, 2018
    risk 0.00cvss 7.1epss 0.01

    arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register…

  • CVE-2018-16597MedSep 21, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

  • CVE-2018-14641MedSep 18, 2018
    risk 0.00cvss 6.5epss 0.03

    A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an…

  • CVE-2018-10853HigSep 11, 2018
    risk 0.00cvss 7.0epss 0.00

    A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to…

  • CVE-2018-16658MedSep 7, 2018
    risk 0.00cvss 6.1epss 0.01

    An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to…

  • CVE-2018-16276HigAug 31, 2018
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.

  • CVE-2018-14619HigAug 30, 2018
    risk 0.00cvss 7.8epss 0.00

    A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading…

  • CVE-2018-10938MedAug 27, 2018
    risk 0.00cvss 5.9epss 0.05

    A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A…

  • CVE-2018-5953MedAug 7, 2018
    risk 0.00cvss 5.5epss 0.00

    The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.

  • CVE-2018-10883MedJul 30, 2018
    risk 0.00cvss 4.8epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

  • CVE-2017-2634HigJul 27, 2018
    risk 0.00cvss 7.5epss 0.05

    It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use…

  • CVE-2017-2618MedJul 27, 2018
    risk 0.00cvss 5.5epss 0.00

    A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

  • CVE-2017-2616MedJul 27, 2018
    risk 0.00cvss 5.5epss 0.00

    A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

  • CVE-2018-10882MedJul 27, 2018
    risk 0.00cvss 4.8epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

  • CVE-2017-18344MedJul 26, 2018
    risk 0.00cvss 5.5epss 0.03

    The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows…

  • CVE-2018-10881MedJul 26, 2018
    risk 0.00cvss 4.2epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

  • CVE-2018-10879MedJul 26, 2018
    risk 0.00cvss 4.2epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

  • CVE-2018-10878HigJul 26, 2018
    risk 0.00cvss 7.8epss 0.01

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.

  • CVE-2018-10876MedJul 26, 2018
    risk 0.00cvss 5.0epss 0.01

    A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.

  • CVE-2018-10901HigJul 26, 2018
    risk 0.00cvss 7.8epss 0.01

    A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT,…

  • CVE-2018-10880MedJul 25, 2018
    risk 0.00cvss 5.5epss 0.03

    Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

  • CVE-2018-13100MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.

  • CVE-2018-13099MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.03

    An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.

  • CVE-2018-13098MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.

  • CVE-2018-13097MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).

  • CVE-2018-13096MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.03

    An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

  • CVE-2018-13095MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.

  • CVE-2018-13094MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.

  • CVE-2018-12896MedJul 2, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the…

  • CVE-2018-13053LowJul 2, 2018
    risk 0.00cvss 3.3epss 0.01

    The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.

  • CVE-2018-1000204MedJun 26, 2018
    risk 0.00cvss 5.3epss 0.02

    Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in…

Page 296 of 320