National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.4.0:test4
There are 1,317 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2018-7755

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.

Published: March 08, 2018; 02:29:01 AM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-7740

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.

Published: March 07, 2018; 03:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-18221

The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.

Published: March 07, 2018; 03:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-18218

In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.

Published: March 05, 2018; 03:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-18216

In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.

Published: March 05, 2018; 01:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-1066

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.

Published: March 02, 2018; 03:29:00 AM -05:00
V3: 6.5 MEDIUM
V2: 7.1 HIGH
CVE-2018-1065

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.

Published: March 02, 2018; 03:29:00 AM -05:00
V3: 4.7 MEDIUM
V2: 4.7 MEDIUM
CVE-2017-18208

The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.

Published: March 01, 2018; 12:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-18204

The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.

Published: February 27, 2018; 03:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-18203

The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.

Published: February 27, 2018; 03:29:00 PM -05:00
V3: 4.7 MEDIUM
V2: 1.9 LOW
CVE-2017-18202

The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.

Published: February 27, 2018; 01:29:00 AM -05:00
V3: 7.0 HIGH
V2: 6.9 MEDIUM
CVE-2018-7492

A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

Published: February 26, 2018; 03:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2017-18200

The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.

Published: February 25, 2018; 10:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2018-7480

The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.

Published: February 25, 2018; 03:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-18193

fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.

Published: February 22, 2018; 10:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2018-7273

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.

Published: February 20, 2018; 07:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2018-6927

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

Published: February 12, 2018; 02:29:01 PM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2017-18174

In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.

Published: February 11, 2018; 01:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-6412

In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.

Published: January 31, 2018; 02:29:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-18079

drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.

Published: January 29, 2018; 12:29:00 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH