Vulnerabilities > Linux > Linux Kernel > 4.4.3

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2018-7757 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
local
low complexity
linux CWE-772
5.5
2018-03-08 CVE-2017-18222 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.
local
low complexity
linux CWE-119
7.8
2018-03-08 CVE-2018-7755 Information Exposure vulnerability in multiple products
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7.
local
low complexity
linux canonical CWE-200
5.5
2018-03-07 CVE-2018-7740 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
local
low complexity
linux redhat debian canonical CWE-119
5.5
2018-03-07 CVE-2017-18221 Improper Input Validation vulnerability in Linux Kernel
The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.
local
low complexity
linux CWE-20
5.5
2018-03-05 CVE-2017-18216 NULL Pointer Dereference vulnerability in Linux Kernel
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
local
low complexity
linux CWE-476
5.5
2018-03-02 CVE-2018-1066 NULL Pointer Dereference vulnerability in multiple products
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
network
low complexity
linux debian canonical CWE-476
6.5
2018-03-02 CVE-2018-1065 NULL Pointer Dereference vulnerability in Linux Kernel
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
local
high complexity
linux CWE-476
4.7
2018-03-01 CVE-2017-18208 Infinite Loop vulnerability in Linux Kernel
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
local
low complexity
linux CWE-835
5.5
2018-02-27 CVE-2017-18204 Unspecified vulnerability in Linux Kernel
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
local
low complexity
linux
5.5