Vulnerabilities > Linux > Linux Kernel > 3.18.111
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-06 | CVE-2018-13406 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | 7.8 |
| 2018-07-03 | CVE-2018-13099 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. | 5.5 |
| 2018-07-03 | CVE-2018-13096 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. | 5.5 |
| 2018-06-26 | CVE-2018-1000204 | Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. | 5.3 |
| 2018-06-21 | CVE-2016-10723 | Resource Management Errors vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 4.17.2. | 5.5 |
| 2018-06-12 | CVE-2018-12233 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. | 7.8 |
| 2018-04-02 | CVE-2018-1095 | NULL Pointer Dereference vulnerability in Linux Kernel The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. | 5.5 |
| 2018-04-02 | CVE-2018-1094 | NULL Pointer Dereference vulnerability in multiple products The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. | 5.5 |
| 2018-04-02 | CVE-2018-1092 | NULL Pointer Dereference vulnerability in Linux Kernel The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. | 5.5 |
| 2018-03-09 | CVE-2018-7995 | Race Condition vulnerability in multiple products Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. | 4.7 |