Vulnerabilities > Linux > Linux Kernel > 3.14.31

DATE CVE VULNERABILITY TITLE RISK
2018-01-31 CVE-2018-6412 Information Exposure vulnerability in Linux Kernel
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.
network
low complexity
linux CWE-200
5.0
2018-01-29 CVE-2017-18079 NULL Pointer Dereference vulnerability in multiple products
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
local
low complexity
linux canonical CWE-476
7.8
2018-01-26 CVE-2018-5750 Information Exposure vulnerability in Linux Kernel
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
local
low complexity
linux debian canonical redhat CWE-200
2.1
2018-01-14 CVE-2017-15128 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12.
local
low complexity
linux redhat CWE-119
4.9
2018-01-14 CVE-2017-15127 Improper Cleanup on Thrown Exception vulnerability in multiple products
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.
local
low complexity
linux redhat CWE-460
5.5
2018-01-12 CVE-2018-5344 Use After Free vulnerability in multiple products
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
local
low complexity
linux canonical redhat CWE-416
4.6
2018-01-11 CVE-2018-5333 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
local
low complexity
linux debian canonical CWE-476
4.9
2018-01-11 CVE-2018-5332 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
local
low complexity
linux debian canonical CWE-787
7.8
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8
2017-12-30 CVE-2017-17975 Use After Free vulnerability in Linux Kernel
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
local
low complexity
linux CWE-416
4.9