Vulnerabilities > Linux > Linux Kernel > 4.14.2

DATE CVE VULNERABILITY TITLE RISK
2018-02-09 CVE-2018-1000026 Improper Input Validation vulnerability in multiple products
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line.
network
low complexity
linux canonical redhat debian CWE-20
7.7
2018-01-31 CVE-2017-16914 NULL Pointer Dereference vulnerability in Linux Kernel
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
network
linux CWE-476
7.1
2018-01-31 CVE-2017-16913 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.
network
linux CWE-119
7.1
2018-01-31 CVE-2017-16912 Out-of-bounds Read vulnerability in Linux Kernel
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
network
linux CWE-125
7.1
2018-01-31 CVE-2017-16911 Information Exposure vulnerability in Linux Kernel
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses.
local
linux CWE-200
1.9
2018-01-31 CVE-2018-6412 Information Exposure vulnerability in Linux Kernel
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.
network
low complexity
linux CWE-200
5.0
2018-01-26 CVE-2018-5750 Information Exposure vulnerability in Linux Kernel
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
local
low complexity
linux debian canonical redhat CWE-200
2.1
2018-01-24 CVE-2017-18075 Release of Invalid Pointer or Reference vulnerability in multiple products
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
local
low complexity
linux canonical CWE-763
7.8
2018-01-16 CVE-2018-5703 Out-of-bounds Write vulnerability in Linux Kernel
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
network
low complexity
linux CWE-787
critical
9.8
2018-01-12 CVE-2018-5344 Use After Free vulnerability in multiple products
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
local
low complexity
linux canonical redhat CWE-416
4.6