Vulnerabilities > Linux > Linux Kernel > 4.9.139

DATE CVE VULNERABILITY TITLE RISK
2018-04-02 CVE-2018-1092 NULL Pointer Dereference vulnerability in Linux Kernel
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
local
low complexity
linux CWE-476
5.5
2018-03-31 CVE-2017-18255 Integer Overflow or Wraparound vulnerability in Linux Kernel
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.
local
low complexity
linux CWE-190
4.6
2018-03-27 CVE-2018-1091 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.
local
low complexity
linux CWE-119
4.9
2018-03-26 CVE-2017-18249 Race Condition vulnerability in Linux Kernel
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
4.4
2018-03-21 CVE-2017-18241 NULL Pointer Dereference vulnerability in Linux Kernel
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
local
low complexity
linux debian canonical CWE-476
4.9
2018-03-15 CVE-2017-18232 Unspecified vulnerability in Linux Kernel
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
local
low complexity
linux
2.1
2018-03-13 CVE-2018-8087 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
local
low complexity
linux debian canonical CWE-772
4.9
2018-03-12 CVE-2017-18224 Race Condition vulnerability in Linux Kernel
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
local
linux CWE-362
1.9
2018-03-10 CVE-2018-8043 NULL Pointer Dereference vulnerability in Linux Kernel
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
local
low complexity
linux canonical CWE-476
2.1
2018-03-09 CVE-2018-7995 Race Condition vulnerability in multiple products
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory.
local
high complexity
linux canonical debian CWE-362
4.7