Vulnerabilities > Linux > Linux Kernel > 4.9.210.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-07 | CVE-2018-5953 | Information Exposure vulnerability in multiple products The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. | 2.1 |
2018-08-06 | CVE-2018-5390 | Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | 7.5 |
2018-07-27 | CVE-2018-14613 | NULL Pointer Dereference vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 4.17.10. | 7.1 |
2018-07-26 | CVE-2017-18344 | Out-of-bounds Read vulnerability in multiple products The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). | 2.1 |
2018-07-26 | CVE-2018-10881 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel's ext4 filesystem. | 5.5 |
2018-07-26 | CVE-2018-10879 | Use After Free vulnerability in multiple products A flaw was found in the Linux kernel's ext4 filesystem. | 7.8 |
2018-07-26 | CVE-2018-10878 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel's ext4 filesystem. | 7.8 |
2018-07-26 | CVE-2017-7558 | Out-of-bounds Read vulnerability in multiple products A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. | 7.5 |
2018-07-25 | CVE-2018-10880 | Out-of-bounds Write vulnerability in multiple products Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). | 5.5 |
2018-07-11 | CVE-2016-9604 | Improper Verification of Cryptographic Signature vulnerability in Linux Kernel It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. | 4.4 |