Vulnerabilities > Linux > Linux Kernel > 3.14.31

DATE CVE VULNERABILITY TITLE RISK
2018-06-12 CVE-2018-5803 Improper Input Validation vulnerability in Linux Kernel
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
local
low complexity
linux debian redhat CWE-20
4.9
2018-06-12 CVE-2018-12233 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file.
local
low complexity
linux canonical CWE-119
7.8
2018-06-12 CVE-2018-12232 Race Condition vulnerability in Linux Kernel
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions.
network
linux CWE-362
7.1
2018-05-28 CVE-2018-11508 Information Exposure vulnerability in Linux Kernel
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
local
low complexity
linux canonical CWE-200
2.1
2018-05-18 CVE-2017-18270 Unspecified vulnerability in Linux Kernel
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
local
low complexity
linux
3.6
2018-05-18 CVE-2018-11232 Improper Input Validation vulnerability in Linux Kernel
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
local
low complexity
linux CWE-20
4.9
2018-05-10 CVE-2018-1130 NULL Pointer Dereference vulnerability in Linux Kernel
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
local
low complexity
linux debian canonical redhat CWE-476
4.9
2018-05-09 CVE-2018-10940 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
local
low complexity
linux debian CWE-119
4.9
2018-05-02 CVE-2018-10675 Use After Free vulnerability in multiple products
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
local
low complexity
linux redhat canonical CWE-416
7.8
2018-04-24 CVE-2018-10323 NULL Pointer Dereference vulnerability in multiple products
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
local
low complexity
linux canonical debian CWE-476
4.9