Vulnerabilities > Linux > Linux Kernel > 4.12.13
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-24 | CVE-2018-10322 | NULL Pointer Dereference vulnerability in multiple products The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. | 5.5 |
2018-04-23 | CVE-2018-8781 | Integer Overflow or Wraparound vulnerability in multiple products The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. | 7.8 |
2018-04-19 | CVE-2017-18261 | Infinite Loop vulnerability in Linux Kernel The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER. | 5.5 |
2018-04-16 | CVE-2018-10124 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | 5.5 |
2018-04-13 | CVE-2018-10087 | Improper Input Validation vulnerability in multiple products The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | 5.5 |
2018-04-02 | CVE-2018-1095 | NULL Pointer Dereference vulnerability in Linux Kernel The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. | 5.5 |
2018-04-02 | CVE-2018-1094 | NULL Pointer Dereference vulnerability in multiple products The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. | 5.5 |
2018-04-02 | CVE-2018-1093 | Out-of-bounds Read vulnerability in Linux Kernel The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. | 5.5 |
2018-04-02 | CVE-2018-1092 | NULL Pointer Dereference vulnerability in Linux Kernel The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. | 5.5 |
2018-03-27 | CVE-2018-1091 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. | 5.5 |