Vulnerabilities > Linux > Linux Kernel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-12 | CVE-2018-5803 | Improper Input Validation vulnerability in multiple products In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. | 5.5 |
| 2018-06-12 | CVE-2018-12232 | Race Condition vulnerability in Linux Kernel In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. | 5.9 |
| 2018-06-05 | CVE-2018-1000200 | NULL Pointer Dereference vulnerability in Linux Kernel 4.14/4.15/4.16 The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. | 5.5 |
| 2018-05-28 | CVE-2018-11508 | Information Exposure vulnerability in multiple products The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | 5.5 |
| 2018-05-24 | CVE-2018-11412 | Use After Free vulnerability in multiple products In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. | 5.9 |
| 2018-05-24 | CVE-2018-1000199 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. | 5.5 |
| 2018-05-21 | CVE-2018-1108 | Use of Insufficiently Random Values vulnerability in multiple products kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. | 5.9 |
| 2018-05-18 | CVE-2018-11232 | Improper Input Validation vulnerability in Linux Kernel The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. | 5.5 |
| 2018-05-10 | CVE-2018-1118 | Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. | 5.5 |
| 2018-05-10 | CVE-2018-1130 | NULL Pointer Dereference vulnerability in multiple products Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. | 5.5 |