Vulnerabilities > Linux > Linux Kernel > 4.4.153

DATE CVE VULNERABILITY TITLE RISK
2018-05-18 CVE-2017-18270 Unspecified vulnerability in Linux Kernel
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
local
low complexity
linux
7.1
2018-05-18 CVE-2018-11232 Improper Input Validation vulnerability in Linux Kernel
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
local
low complexity
linux CWE-20
5.5
2018-05-09 CVE-2018-10940 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
local
low complexity
linux debian CWE-119
5.5
2018-04-24 CVE-2018-10323 NULL Pointer Dereference vulnerability in multiple products
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
local
low complexity
linux canonical debian CWE-476
5.5
2018-04-24 CVE-2018-10322 NULL Pointer Dereference vulnerability in multiple products
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
local
low complexity
linux redhat CWE-476
5.5
2018-04-19 CVE-2017-18261 Infinite Loop vulnerability in Linux Kernel
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
local
low complexity
linux CWE-835
5.5
2018-04-16 CVE-2018-10124 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
local
low complexity
linux debian canonical CWE-119
5.5
2018-04-13 CVE-2018-10087 Improper Input Validation vulnerability in multiple products
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
local
low complexity
linux debian canonical CWE-20
5.5
2018-04-04 CVE-2017-18257 Integer Overflow or Wraparound vulnerability in multiple products
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
local
low complexity
linux debian CWE-190
5.5
2018-04-02 CVE-2018-1095 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5