Vulnerabilities > Linux > Linux Kernel > 4.9.125
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-04 | CVE-2017-18257 | Integer Overflow or Wraparound vulnerability in Linux Kernel The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. | 4.9 |
| 2018-04-02 | CVE-2018-1095 | NULL Pointer Dereference vulnerability in Linux Kernel The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. | 5.5 |
| 2018-04-02 | CVE-2018-1094 | NULL Pointer Dereference vulnerability in multiple products The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. | 5.5 |
| 2018-04-02 | CVE-2018-1093 | Out-of-bounds Read vulnerability in Linux Kernel The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. | 7.1 |
| 2018-04-02 | CVE-2018-1092 | NULL Pointer Dereference vulnerability in Linux Kernel The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. | 5.5 |
| 2018-03-31 | CVE-2017-18255 | Integer Overflow or Wraparound vulnerability in Linux Kernel The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. | 4.6 |
| 2018-03-27 | CVE-2018-1091 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. | 4.9 |
| 2018-03-26 | CVE-2017-18249 | Race Condition vulnerability in Linux Kernel The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. | 4.4 |
| 2018-03-21 | CVE-2017-18241 | NULL Pointer Dereference vulnerability in Linux Kernel fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | 4.9 |
| 2018-03-15 | CVE-2017-18232 | Unspecified vulnerability in Linux Kernel The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. | 2.1 |