National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.20.20
There are 1,389 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2018-14611

An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.

Published: July 27, 2018; 12:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 7.1 HIGH
CVE-2018-14610

An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.

Published: July 27, 2018; 12:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 7.1 HIGH
CVE-2018-14609

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.

Published: July 27, 2018; 12:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 7.1 HIGH
CVE-2017-18344

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

Published: July 26, 2018; 03:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-10881

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Published: July 26, 2018; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2018-10879

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

Published: July 26, 2018; 02:29:00 PM -04:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-10878

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.

Published: July 26, 2018; 02:29:00 PM -04:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-10880

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

Published: July 25, 2018; 09:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 7.1 HIGH
CVE-2016-9604

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

Published: July 11, 2018; 09:29:00 AM -04:00
V3: 4.4 MEDIUM
V2: 2.1 LOW
CVE-2018-13406

An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.

Published: July 06, 2018; 10:29:01 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-13405

The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Published: July 06, 2018; 10:29:01 AM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-13100

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.

Published: July 03, 2018; 06:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-13099

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.

Published: July 03, 2018; 06:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-13098

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.

Published: July 03, 2018; 06:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-13097

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).

Published: July 03, 2018; 06:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-13096

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

Published: July 03, 2018; 06:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-13095

An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.

Published: July 03, 2018; 06:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-13094

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.

Published: July 03, 2018; 06:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-13093

An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.

Published: July 03, 2018; 06:29:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-12896

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.

Published: July 02, 2018; 01:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW