Vulnerabilities > Linux > Linux Kernel > 4.17.3

DATE CVE VULNERABILITY TITLE RISK
2018-07-03 CVE-2018-13097 Out-of-bounds Read vulnerability in Linux Kernel
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3.
network
linux CWE-125
4.3
4.3
2018-07-03 CVE-2018-13095 Out-of-bounds Write vulnerability in Linux Kernel
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3.
network
linux CWE-787
4.3
4.3
2018-07-03 CVE-2018-13094 NULL Pointer Dereference vulnerability in Linux Kernel
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. 		4.3
4.3
2018-07-03 CVE-2018-13093 NULL Pointer Dereference vulnerability in Linux Kernel
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3.
network
linux CWE-476
4.3
4.3
2018-07-02 CVE-2018-12896 Integer Overflow or Wraparound vulnerability in Linux Kernel
An issue was discovered in the Linux kernel through 4.17.3.
local
low complexity
linux debian canonical CWE-190
2.1
2.1
2018-07-02 CVE-2018-13053 Integer Overflow or Wraparound vulnerability in Linux Kernel
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
local
low complexity
linux canonical debian CWE-190
2.1
2.1
2018-06-24 CVE-2018-12714 Out-of-bounds Write vulnerability in Linux Kernel
An issue was discovered in the Linux kernel through 4.17.2.
network
low complexity
linux CWE-787
critical
 9.8
9.8
2018-06-12 CVE-2018-12233 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file.
local
low complexity
linux canonical CWE-119
7.8
7.8
2018-05-21 CVE-2018-1108 Use of Insufficiently Random Values vulnerability in multiple products
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data.
network
high complexity
linux canonical debian CWE-330
5.9
5.9
2018-05-10 CVE-2018-1118 Improper Initialization vulnerability in multiple products
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function.
local
low complexity
linux debian canonical redhat CWE-665
5.5
5.5