Vulnerabilities > Linux > Linux Kernel > 4.14.123

DATE CVE VULNERABILITY TITLE RISK
2018-06-20 CVE-2018-1120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found affecting the Linux kernel before version 4.17.
network
high complexity
linux redhat debian canonical CWE-119
5.3
2018-06-12 CVE-2018-12232 Race Condition vulnerability in Linux Kernel
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions.
network
high complexity
linux CWE-362
5.9
2018-05-28 CVE-2018-11508 Information Exposure vulnerability in multiple products
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
local
low complexity
linux canonical CWE-200
5.5
2018-05-24 CVE-2018-11412 Use After Free vulnerability in multiple products
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
network
high complexity
linux canonical CWE-416
5.9
2018-05-10 CVE-2018-1118 Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function.
local
low complexity
linux debian canonical redhat
5.5
2018-05-09 CVE-2018-10940 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
local
low complexity
linux debian CWE-119
5.5
2018-04-24 CVE-2018-10323 NULL Pointer Dereference vulnerability in multiple products
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
local
low complexity
linux canonical debian CWE-476
5.5
2018-04-24 CVE-2018-10322 NULL Pointer Dereference vulnerability in multiple products
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
local
low complexity
linux redhat CWE-476
5.5
2018-04-02 CVE-2018-1095 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5
2018-04-02 CVE-2018-1094 NULL Pointer Dereference vulnerability in multiple products
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux redhat canonical CWE-476
5.5