Vulnerabilities > Linux > Linux Kernel > 2.6.25.10

DATE CVE VULNERABILITY TITLE RISK
2018-04-19 CVE-2017-18261 Infinite Loop vulnerability in Linux Kernel
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
local
low complexity
linux CWE-835
5.5
2018-04-16 CVE-2018-10124 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
local
low complexity
linux debian canonical CWE-119
5.5
2018-04-13 CVE-2018-10087 Improper Input Validation vulnerability in multiple products
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
local
low complexity
linux debian canonical CWE-20
5.5
2018-04-04 CVE-2017-18257 Integer Overflow or Wraparound vulnerability in multiple products
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
local
low complexity
linux debian CWE-190
5.5
2018-04-02 CVE-2018-1095 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5
2018-04-02 CVE-2018-1094 NULL Pointer Dereference vulnerability in multiple products
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux redhat canonical CWE-476
5.5
2018-04-02 CVE-2018-1093 Out-of-bounds Read vulnerability in Linux Kernel
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
local
low complexity
linux CWE-125
5.5
2018-04-02 CVE-2018-1092 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5
2018-03-31 CVE-2017-18255 Integer Overflow or Wraparound vulnerability in Linux Kernel
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.
local
low complexity
linux CWE-190
7.8
2018-03-27 CVE-2018-1091 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.
local
low complexity
linux CWE-119
5.5