Vulnerabilities > Kernel

DATE CVE VULNERABILITY TITLE RISK
2021-07-30 CVE-2021-37600 Integer Overflow or Wraparound vulnerability in multiple products
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
local
high complexity
kernel netapp CWE-190
1.2
2020-05-26 CVE-2020-10751 Insufficient Verification of Data Authenticity vulnerability in multiple products
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message.
local
low complexity
kernel redhat CWE-345
3.6
2018-11-27 CVE-2018-17953 Unspecified vulnerability in Kernel Linux-Pam 1.3.0
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
network
kernel opensuse suse
critical
9.3
2018-03-07 CVE-2018-7738 Unspecified vulnerability in Kernel Util-Linux
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
local
low complexity
kernel
7.2
2017-08-23 CVE-2015-5224 Unspecified vulnerability in Kernel Util-Linux
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
network
low complexity
kernel
7.5
2017-04-11 CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
local
low complexity
kernel redhat ibm
4.9
2017-03-31 CVE-2014-9114 Command Injection vulnerability in multiple products
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
local
low complexity
opensuse fedoraproject kernel CWE-77
7.2
2017-02-07 CVE-2016-2779 Permissions, Privileges, and Access Controls vulnerability in Kernel Util-Linux 2.24.21
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
local
low complexity
kernel CWE-264
7.2
2015-11-09 CVE-2015-5218 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
local
low complexity
kernel opensuse opensuse-project CWE-119
2.1
2014-01-21 CVE-2013-0157 Information Exposure vulnerability in Kernel Util-Linux 2.14.1/2.17.2
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
local
low complexity
kernel CWE-200
2.1