Vulnerabilities > Linux > Linux Kernel > 4.4.95
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-12 | CVE-2018-12233 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. | 7.8 |
2018-06-12 | CVE-2018-12232 | Race Condition vulnerability in Linux Kernel In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. | 5.9 |
2018-05-28 | CVE-2018-11508 | Information Exposure vulnerability in multiple products The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | 5.5 |
2018-05-18 | CVE-2017-18270 | Unspecified vulnerability in Linux Kernel In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. | 7.1 |
2018-05-18 | CVE-2018-11232 | Improper Input Validation vulnerability in Linux Kernel The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. | 5.5 |
2018-05-09 | CVE-2018-10940 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. | 5.5 |
2018-04-24 | CVE-2018-10323 | NULL Pointer Dereference vulnerability in multiple products The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. | 5.5 |
2018-04-24 | CVE-2018-10322 | NULL Pointer Dereference vulnerability in multiple products The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. | 5.5 |
2018-04-23 | CVE-2018-8781 | Integer Overflow or Wraparound vulnerability in multiple products The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. | 7.8 |
2018-04-19 | CVE-2017-18261 | Infinite Loop vulnerability in Linux Kernel The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER. | 5.5 |