Vulnerabilities > Linux > Linux Kernel > 3.18.34

DATE CVE VULNERABILITY TITLE RISK
2018-03-20 CVE-2018-8822 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.
local
low complexity
linux canonical debian CWE-119
7.8
2018-03-16 CVE-2018-1068 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging.
local
low complexity
linux canonical debian redhat CWE-787
6.7
2018-03-15 CVE-2017-18232 Unspecified vulnerability in Linux Kernel
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
local
low complexity
linux
2.1
2018-03-13 CVE-2018-8087 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
local
low complexity
linux debian canonical CWE-772
4.9
2018-03-12 CVE-2017-18224 Race Condition vulnerability in Linux Kernel
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
local
linux CWE-362
1.9
2018-03-10 CVE-2018-8043 NULL Pointer Dereference vulnerability in Linux Kernel
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
local
low complexity
linux canonical CWE-476
2.1
2018-03-09 CVE-2018-7995 Race Condition vulnerability in multiple products
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory.
local
high complexity
linux canonical debian CWE-362
4.7
2018-03-08 CVE-2018-7757 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
local
low complexity
linux CWE-772
2.1
2018-03-08 CVE-2017-18222 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.
local
low complexity
linux CWE-119
4.6
2018-03-08 CVE-2018-7755 Information Exposure vulnerability in Linux Kernel
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7.
local
low complexity
linux canonical CWE-200
2.1