Filtered by vendor Linux
Subscribe
Search
Total
1265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17741 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-04-25 | 2.1 LOW | 6.5 MEDIUM |
| The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | |||||
| CVE-2018-3626 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2018-04-18 | 1.9 LOW | 4.7 MEDIUM |
| Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information. | |||||
| CVE-2017-15116 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2018-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | |||||
| CVE-2017-14140 | 1 Linux | 1 Linux Kernel | 2018-04-12 | 2.1 LOW | 5.5 MEDIUM |
| The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. | |||||
| CVE-2017-1000255 | 2 Ibm, Linux | 3 Powerpc Power8, Powerpc Power9, Linux Kernel | 2018-04-11 | 6.6 MEDIUM | 5.5 MEDIUM |
| On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. | |||||
| CVE-2017-16646 | 1 Linux | 1 Linux Kernel | 2018-04-07 | 7.2 HIGH | 6.6 MEDIUM |
| drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16528 | 1 Linux | 1 Linux Kernel | 2018-04-07 | 7.2 HIGH | 6.6 MEDIUM |
| sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-17862 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-04-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. | |||||
| CVE-2017-16647 | 1 Linux | 1 Linux Kernel | 2018-04-06 | 7.2 HIGH | 6.6 MEDIUM |
| drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-18200 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. | |||||
| CVE-2017-14489 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | |||||
| CVE-2015-8952 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 2.1 LOW | 5.5 MEDIUM |
| The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. | |||||
| CVE-2017-14051 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 4.9 MEDIUM | 4.4 MEDIUM |
| An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. | |||||
| CVE-2017-14156 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 2.1 LOW | 5.5 MEDIUM |
| The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. | |||||
| CVE-2017-16525 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 7.2 HIGH | 6.6 MEDIUM |
| The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. | |||||
| CVE-2017-15274 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. | |||||
| CVE-2017-12192 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. | |||||
| CVE-2017-12549 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12546 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12544 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2016-6217 | 2 Linux, Sophos | 2 Linux Kernel, Puremessage | 2018-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0215 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2018-02-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database. | |||||
| CVE-2016-2550 | 1 Linux | 1 Linux Kernel | 2018-01-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312. | |||||
| CVE-2017-15537 | 1 Linux | 1 Linux Kernel | 2018-01-13 | 2.1 LOW | 5.5 MEDIUM |
| The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. | |||||
| CVE-2016-3695 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2018-01-10 | 2.1 LOW | 5.5 MEDIUM |
| The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | |||||
| CVE-2017-16534 | 1 Linux | 1 Linux Kernel | 2018-01-06 | 7.2 HIGH | 6.6 MEDIUM |
| The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2016-6480 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.7 MEDIUM | 5.1 MEDIUM |
| Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. | |||||
| CVE-2016-8646 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. | |||||
| CVE-2017-6951 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. | |||||
| CVE-2017-9242 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | |||||
| CVE-2016-9685 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. | |||||
| CVE-2016-5412 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.6 MEDIUM | 6.5 MEDIUM |
| arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. | |||||
| CVE-2016-7914 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.1 HIGH | 5.5 MEDIUM |
| The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. | |||||
| CVE-2016-7915 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. | |||||
| CVE-2016-6136 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 1.9 LOW | 4.7 MEDIUM |
| Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability. | |||||
| CVE-2016-7097 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 3.6 LOW | 4.4 MEDIUM |
| The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. | |||||
| CVE-2016-7042 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 6.2 MEDIUM |
| The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. | |||||
| CVE-2016-6828 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. | |||||
| CVE-2016-8645 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. | |||||
| CVE-2016-6327 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. | |||||
| CVE-2016-6213 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.7 MEDIUM | 4.7 MEDIUM |
| fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. | |||||
| CVE-2016-8630 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. | |||||
| CVE-2015-8844 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.7 MEDIUM | 5.5 MEDIUM |
| The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | |||||
| CVE-2015-8845 | 3 Linux, Novell, Suse | 8 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 5 more | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | |||||
| CVE-2016-2847 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2018-01-05 | 4.9 MEDIUM | 6.2 MEDIUM |
| fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. | |||||
| CVE-2015-1573 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. | |||||
| CVE-2016-10147 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). | |||||
| CVE-2015-8374 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 2.1 LOW | 4.0 MEDIUM |
| fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. | |||||
| CVE-2015-8956 | 2 Google, Linux | 2 Android, Linux Kernel | 2018-01-05 | 3.6 LOW | 6.1 MEDIUM |
| The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. | |||||
| CVE-2016-4569 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2018-01-05 | 2.1 LOW | 5.5 MEDIUM |
| The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. | |||||