Vulnerabilities > Linux > Linux Kernel > 3.16.66
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-09 | CVE-2018-7995 | Race Condition vulnerability in multiple products Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. | 4.7 |
| 2018-03-02 | CVE-2018-1065 | NULL Pointer Dereference vulnerability in Linux Kernel The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. | 4.7 |
| 2018-02-09 | CVE-2018-1000026 | Improper Input Validation vulnerability in multiple products Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. | 7.7 |
| 2018-01-14 | CVE-2017-15128 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. | 4.9 |
| 2018-01-14 | CVE-2017-15127 | Improper Cleanup on Thrown Exception vulnerability in multiple products A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. | 5.5 |
| 2017-11-30 | CVE-2017-15116 | NULL Pointer Dereference vulnerability in multiple products The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | 5.5 |
| 2017-11-22 | CVE-2017-12193 | NULL Pointer Dereference vulnerability in Linux Kernel The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. | 5.5 |
| 2017-11-22 | CVE-2017-12190 | Resource Exhaustion vulnerability in Linux Kernel The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. | 6.5 |
| 2017-10-14 | CVE-2017-15299 | NULL Pointer Dereference vulnerability in Linux Kernel The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. | 5.5 |
| 2017-10-12 | CVE-2017-12192 | NULL Pointer Dereference vulnerability in Linux Kernel The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. | 5.5 |