Vulnerabilities > Linux > Linux Kernel > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2018-14609 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.10.
local
low complexity
linux debian canonical CWE-476
5.5
5.5
2018-07-26 CVE-2017-18344 Out-of-bounds Read vulnerability in multiple products
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read).
local
low complexity
linux canonical redhat CWE-125
5.5
5.5
2018-07-26 CVE-2018-10881 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
debian canonical linux redhat CWE-787
5.5
5.5
2018-07-26 CVE-2018-10876 Use After Free vulnerability in multiple products
A flaw was found in Linux kernel in the ext4 filesystem code.
local
low complexity
linux canonical debian CWE-416
5.5
5.5
2018-07-25 CVE-2018-10880 Out-of-bounds Write vulnerability in multiple products
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data().
local
low complexity
debian linux redhat canonical CWE-787
5.5
5.5
2018-07-18 CVE-2018-10877 Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
local
low complexity
canonical linux debian redhat
6.5
6.5
2018-07-16 CVE-2018-10840 Heap-based Buffer Overflow vulnerability in multiple products
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function.
low complexity
linux canonical redhat CWE-122
6.6
6.6
2018-07-11 CVE-2016-9604 Improper Verification of Cryptographic Signature vulnerability in Linux Kernel
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring.
local
low complexity
linux CWE-347
4.4
4.4
2018-07-03 CVE-2018-13100 Divide By Zero vulnerability in multiple products
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.
local
low complexity
linux debian CWE-369
5.5
5.5
2018-07-03 CVE-2018-13099 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4.
local
low complexity
linux debian opensuse canonical CWE-125
5.5
5.5