Vulnerabilities > Linux > Linux Kernel > 4.14.243

DATE CVE VULNERABILITY TITLE RISK
2018-07-26 CVE-2018-10879 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
canonical linux debian redhat CWE-416
7.8
2018-07-26 CVE-2018-10878 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
canonical linux debian redhat CWE-787
7.8
2018-07-25 CVE-2018-10880 Out-of-bounds Write vulnerability in multiple products
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data().
local
low complexity
debian linux redhat canonical CWE-787
5.5
2018-06-26 CVE-2018-1000204 Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp.
network
high complexity
linux debian canonical
5.3
2018-06-21 CVE-2016-10723 Resource Management Errors vulnerability in Linux Kernel
An issue was discovered in the Linux kernel through 4.17.2.
local
low complexity
linux CWE-399
5.5
2018-05-10 CVE-2018-1118 Improper Initialization vulnerability in multiple products
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function.
local
low complexity
linux debian canonical redhat CWE-665
5.5
2018-04-02 CVE-2018-1095 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5
2018-04-02 CVE-2018-1094 NULL Pointer Dereference vulnerability in multiple products
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux redhat canonical CWE-476
5.5
2018-04-02 CVE-2018-1092 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5
2018-03-09 CVE-2018-7995 Race Condition vulnerability in multiple products
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory.
local
high complexity
linux canonical debian CWE-362
4.7