Filtered by vendor Linux
Subscribe
Search
Total
1265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7566 | 2 Linux, Novell | 5 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Real Time Extension and 2 more | 2018-10-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. | |||||
| CVE-2018-7755 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2018-10-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. | |||||
| CVE-2017-13695 | 1 Linux | 1 Linux Kernel | 2018-09-11 | 2.1 LOW | 5.5 MEDIUM |
| The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | |||||
| CVE-2017-10911 | 1 Linux | 1 Linux Kernel | 2018-09-07 | 4.9 MEDIUM | 6.5 MEDIUM |
| The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216. | |||||
| CVE-2015-8767 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-08-30 | 4.9 MEDIUM | 6.2 MEDIUM |
| net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | |||||
| CVE-2016-2053 | 1 Linux | 1 Linux Kernel | 2018-08-30 | 4.7 MEDIUM | 4.7 MEDIUM |
| The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. | |||||
| CVE-2018-1093 | 1 Linux | 1 Linux Kernel | 2018-08-29 | 7.1 HIGH | 5.5 MEDIUM |
| The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. | |||||
| CVE-2017-16533 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-5549 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2017-16914 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.1 HIGH | 5.9 MEDIUM |
| The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. | |||||
| CVE-2017-16645 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16644 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16643 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16538 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). | |||||
| CVE-2017-16537 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16536 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16535 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16532 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16531 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. | |||||
| CVE-2017-16913 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.1 HIGH | 5.9 MEDIUM |
| The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. | |||||
| CVE-2017-16650 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16529 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16527 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16912 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.1 HIGH | 5.9 MEDIUM |
| The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. | |||||
| CVE-2017-14991 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. | |||||
| CVE-2017-16911 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 1.9 LOW | 4.7 MEDIUM |
| The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. | |||||
| CVE-2016-10208 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 4.9 MEDIUM | 4.3 MEDIUM |
| The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. | |||||
| CVE-2018-12633 | 1 Linux | 1 Linux Kernel | 2018-08-21 | 6.3 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. | |||||
| CVE-2016-10723 | 1 Linux | 1 Linux Kernel | 2018-08-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| ** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle." | |||||
| CVE-2018-12928 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2018-08-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. | |||||
| CVE-2015-8970 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. | |||||
| CVE-2013-7446 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 5.4 MEDIUM | 5.3 MEDIUM |
| Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. | |||||
| CVE-2017-12193 | 1 Linux | 1 Linux Kernel | 2018-07-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. | |||||
| CVE-2017-14106 | 1 Linux | 1 Linux Kernel | 2018-07-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. | |||||
| CVE-2017-18257 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-07-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. | |||||
| CVE-2017-7616 | 1 Linux | 1 Linux Kernel | 2018-06-20 | 2.1 LOW | 5.5 MEDIUM |
| Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. | |||||
| CVE-2017-18203 | 1 Linux | 1 Linux Kernel | 2018-06-20 | 1.9 LOW | 4.7 MEDIUM |
| The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. | |||||
| CVE-2016-8650 | 1 Linux | 1 Linux Kernel | 2018-06-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | |||||
| CVE-2018-11232 | 1 Linux | 1 Linux Kernel | 2018-06-19 | 4.9 MEDIUM | 5.5 MEDIUM |
| The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. | |||||
| CVE-2017-0627 | 1 Linux | 1 Linux Kernel | 2018-06-16 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353. | |||||
| CVE-2017-17449 | 1 Linux | 1 Linux Kernel | 2018-05-31 | 1.9 LOW | 4.7 MEDIUM |
| The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. | |||||
| CVE-2017-18221 | 1 Linux | 1 Linux Kernel | 2018-05-31 | 4.9 MEDIUM | 5.5 MEDIUM |
| The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls. | |||||
| CVE-2017-17975 | 1 Linux | 1 Linux Kernel | 2018-05-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. | |||||
| CVE-2017-18193 | 1 Linux | 1 Linux Kernel | 2018-05-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. | |||||
| CVE-2018-10074 | 1 Linux | 1 Linux Kernel | 2018-05-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval. | |||||
| CVE-2016-9191 | 1 Linux | 1 Linux Kernel | 2018-05-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. | |||||
| CVE-2018-1091 | 1 Linux | 1 Linux Kernel | 2018-05-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. | |||||
| CVE-2017-15129 | 1 Linux | 1 Linux Kernel | 2018-05-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. | |||||
| CVE-2017-18224 | 1 Linux | 1 Linux Kernel | 2018-05-03 | 1.9 LOW | 4.7 MEDIUM |
| In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. | |||||
| CVE-2017-16994 | 1 Linux | 1 Linux Kernel | 2018-04-25 | 2.1 LOW | 5.5 MEDIUM |
| The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. | |||||