Vulnerabilities > Linux > Linux Kernel > 4.15.11

DATE CVE VULNERABILITY TITLE RISK
2018-04-02 CVE-2018-1092 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5
2018-03-20 CVE-2018-8822 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.
local
low complexity
linux canonical debian CWE-119
7.8
2018-02-09 CVE-2018-1000026 Improper Input Validation vulnerability in multiple products
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line.
network
low complexity
linux canonical redhat debian CWE-20
7.7
2017-04-24 CVE-2010-5321 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761.
low complexity
linux CWE-772
4.3
2017-03-03 CVE-2015-2877 Information Exposure vulnerability in multiple products
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack.
local
low complexity
linux redhat CWE-200
3.3
2016-10-10 CVE-2015-8955 Permissions, Privileges, and Access Controls vulnerability in multiple products
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
local
low complexity
linux google CWE-264
7.3
2016-05-09 CVE-2015-0571 Missing Authorization vulnerability in Linux Kernel
The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.
network
linux CWE-862
critical
9.3
2016-05-09 CVE-2015-0570 Out-of-bounds Write vulnerability in Linux Kernel
Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element.
network
linux CWE-787
critical
9.3
2016-05-09 CVE-2015-0569 Out-of-bounds Write vulnerability in Linux Kernel
Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter.
network
linux CWE-787
critical
9.3
2016-05-02 CVE-2016-2854 Improper Privilege Management vulnerability in Linux Kernel
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
local
low complexity
linux CWE-269
4.6