CVE-2018-16884
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Published: December 18, 2018; 05:29:04 PM -05:00
V3: 8.0 HIGH
V2: 6.7 MEDIUM

CVE-2017-7482
In the Linux kernel before version 4.12, the decoding of Kerberos 5 tickets when using RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
Published: July 30, 2018; 10:29:02 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH

CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
Published: June 20, 2018; 09:29:00 AM -04:00
V3: 5.3 MEDIUM
V2: 3.5 LOW

CVE-2014-8171
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
Published: February 09, 2018; 05:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM

CVE-2017-15128
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
Published: January 14, 2018; 01:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM

CVE-2017-15127
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
Published: January 14, 2018; 01:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM

CVE-2017-15115
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
Published: November 15, 2017; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH

CVE-2015-7837
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
Published: September 19, 2017; 12:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW

CVE-2015-7553
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.
Published: September 14, 2017; 12:29:00 PM -04:00
V3: 4.7 MEDIUM
V2: 4.7 MEDIUM

CVE-2016-3699
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
Published: October 07, 2016; 10:59:03 AM -04:00
V3: 7.4 HIGH
V2: 6.9 MEDIUM

CVE-2016-4470
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Published: June 27, 2016; 06:59:08 AM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM

CVE-2014-3153
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Published: June 07, 2014; 10:55:27 AM -04:00
V2: 7.2 HIGH

CVE-2014-3940
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
Published: June 05, 2014; 01:55:07 PM -04:00
V2: 4.0 MEDIUM

CVE-2014-3917
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
Published: June 05, 2014; 01:55:07 PM -04:00
V2: 3.3 LOW

CVE-2011-4930
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
Published: February 10, 2014; 01:15:09 PM -05:00
V2: 4.4 MEDIUM

CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
Published: October 11, 2013; 06:55:39 PM -04:00
V2: 3.5 LOW

CVE-2013-4345
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
Published: October 10, 2013; 06:55:06 AM -04:00
V2: 5.8 MEDIUM

CVE-2013-1909
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Published: August 23, 2013; 12:55:07 PM -04:00
V2: 5.8 MEDIUM

CVE-2013-2164
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
Published: July 04, 2013; 05:55:00 PM -04:00
V2: 2.1 LOW

CVE-2013-3301
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
Published: April 29, 2013; 10:55:04 AM -04:00
V2: 7.2 HIGH