U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:3.2.4
There are 1,603 matching records.
Displaying matches 881 through 900.
Vuln ID Summary CVSS Severity
CVE-2018-8043

The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

Published: March 10, 2018; 5:29:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-7995

Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant

Published: March 09, 2018; 10:29:00 AM -0500
V3.0: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2018-7757

Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.

Published: March 08, 2018; 9:29:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-18222

In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.

Published: March 08, 2018; 9:29:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2018-7755

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.

Published: March 08, 2018; 2:29:01 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-7740

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.

Published: March 07, 2018; 3:29:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-18221

The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.

Published: March 07, 2018; 3:29:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-18216

In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.

Published: March 05, 2018; 1:29:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-1066

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.

Published: March 02, 2018; 3:29:00 AM -0500
V3.0: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2018-1065

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.

Published: March 02, 2018; 3:29:00 AM -0500
V3.0: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2017-18208

The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.

Published: March 01, 2018; 12:29:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-18204

The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.

Published: February 27, 2018; 3:29:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-18203

The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.

Published: February 27, 2018; 3:29:00 PM -0500
V3.0: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2018-7492

A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

Published: February 26, 2018; 3:29:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-18200

The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.

Published: February 25, 2018; 10:29:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-18193

fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.

Published: February 22, 2018; 10:29:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2018-7273

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.

Published: February 20, 2018; 7:29:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2018-6927

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

Published: February 12, 2018; 2:29:01 PM -0500
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2017-18174

In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.

Published: February 11, 2018; 1:29:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-1000026

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

Published: February 09, 2018; 6:29:00 PM -0500
V3.1: 7.7 HIGH
V2.0: 6.8 MEDIUM