Vulnerabilities > Kernel
|2021-07-30||CVE-2021-37600|| Integer Overflow or Wraparound vulnerability in multiple products: ** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.|| 1.2 |
|2020-05-26||CVE-2020-10751|| Insufficient Verification of Data Authenticity vulnerability in multiple products: A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message.|| 3.6 |
|2018-11-27||CVE-2018-17953|| Unspecified vulnerability in Kernel Linux-Pam 1.3.0: An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).|| 9.3 |
|2018-03-07||CVE-2018-7738|| Unspecified vulnerability in Kernel Util-Linux: In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.|| 7.2 |
|2017-08-23||CVE-2015-5224|| Unspecified vulnerability in Kernel Util-Linux: The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.|| 7.5 |
|2017-04-11||CVE-2016-5011||The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.|| 4.9 |
|2017-03-31||CVE-2014-9114|| Command Injection vulnerability in multiple products: Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.|| 7.2 |
|2017-02-07||CVE-2016-2779|| Permissions, Privileges, and Access Controls vulnerability in Kernel Util-Linux 2.24.21: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.|| 7.2 |
|2015-11-09||CVE-2015-5218|| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.|| 2.1 |
|2014-01-21||CVE-2013-0157|| Information Exposure vulnerability in Kernel Util-Linux 2.14.1/2.17.2: (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.|| 2.1 |