Vulnerabilities > Linux > Linux Kernel > 4.15.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-20 | CVE-2018-8822 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. | 7.8 |
| 2018-03-16 | CVE-2018-1068 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. | 6.7 |
| 2018-03-15 | CVE-2017-18232 | Unspecified vulnerability in Linux Kernel The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. | 5.5 |
| 2018-03-13 | CVE-2018-8087 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. | 5.5 |
| 2018-03-10 | CVE-2018-8043 | NULL Pointer Dereference vulnerability in multiple products The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). | 5.5 |
| 2018-02-09 | CVE-2018-1000026 | Improper Input Validation vulnerability in multiple products Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. | 7.7 |
| 2018-01-16 | CVE-2018-1000004 | Race Condition vulnerability in Linux Kernel In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. | 5.9 |
| 2017-04-24 | CVE-2010-5321 | Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. | 4.3 |
| 2017-03-03 | CVE-2015-2877 | Information Exposure vulnerability in multiple products Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. | 3.3 |
| 2016-10-10 | CVE-2015-8955 | Permissions, Privileges, and Access Controls vulnerability in multiple products arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. | 7.3 |