Vulnerabilities > Linux > Linux Kernel > 3.16.84
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-12 | CVE-2018-5814 | Race Condition vulnerability in multiple products In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. | 7.0 |
| 2018-06-12 | CVE-2018-5803 | Improper Input Validation vulnerability in multiple products In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. | 5.5 |
| 2018-06-12 | CVE-2018-12232 | Race Condition vulnerability in Linux Kernel In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. | 5.9 |
| 2018-05-28 | CVE-2018-11508 | Information Exposure vulnerability in multiple products The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | 5.5 |
| 2018-05-18 | CVE-2017-18270 | Unspecified vulnerability in Linux Kernel In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. | 7.1 |
| 2018-05-18 | CVE-2018-11232 | Improper Input Validation vulnerability in Linux Kernel The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. | 5.5 |
| 2018-05-09 | CVE-2018-10940 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. | 5.5 |
| 2018-04-24 | CVE-2018-10323 | NULL Pointer Dereference vulnerability in multiple products The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. | 5.5 |
| 2018-04-24 | CVE-2018-10322 | NULL Pointer Dereference vulnerability in multiple products The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. | 5.5 |
| 2018-04-19 | CVE-2017-18261 | Infinite Loop vulnerability in Linux Kernel The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER. | 5.5 |