Vulnerabilities > Linux > Linux Kernel > 4.13.4

DATE CVE VULNERABILITY TITLE RISK
2018-05-24 CVE-2018-11412 Use After Free vulnerability in multiple products
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
4.3
2018-05-18 CVE-2017-18270 Unspecified vulnerability in Linux Kernel
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
local
low complexity
linux
3.6
2018-05-10 CVE-2018-1118 Improper Initialization vulnerability in multiple products
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function.
local
low complexity
linux debian canonical redhat CWE-665
5.5
2018-05-10 CVE-2018-1130 NULL Pointer Dereference vulnerability in Linux Kernel
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
local
low complexity
linux debian canonical redhat CWE-476
4.9
2018-05-09 CVE-2018-10940 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
local
low complexity
linux debian CWE-119
4.9
2018-04-24 CVE-2018-10323 NULL Pointer Dereference vulnerability in multiple products
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
local
low complexity
linux canonical debian CWE-476
4.9
2018-04-24 CVE-2018-10322 NULL Pointer Dereference vulnerability in multiple products
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
local
low complexity
linux redhat CWE-476
4.9
2018-04-23 CVE-2018-8781 Integer Overflow or Wraparound vulnerability in multiple products
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
local
low complexity
linux canonical debian redhat CWE-190
7.8
2018-04-12 CVE-2018-10074 NULL Pointer Dereference vulnerability in Linux Kernel
The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.
local
low complexity
linux CWE-476
4.9
2018-04-02 CVE-2018-1095 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5