CVSS: 7.8EPSS: 10%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
14 Aug 2018 — The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versio... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7754
https://notcve.org/view.php?id=CVE-2018-7754
10 Aug 2018 — The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. La función aoedisk_debugfs_show en drivers/block/aoe/aoeblk.c en el kernel de Linux hasta la versión 4.16.4rc4 permite que usuarios locales obtengan información sensible de direcciones mediante la lectura de líneas "ffree: " en un archivo debugfs. • https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5995 – Ubuntu Security Notice USN-5343-1
https://notcve.org/view.php?id=CVE-2018-5995
07 Aug 2018 — The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. La función pcpu_embed_first_chunk en mm/percpu.c en el kernel de Linux hasta la versión 4.14.14 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg desde una llamada printk "pages/cpu". Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kern... • http://www.securityfocus.com/bid/105049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5953
https://notcve.org/view.php?id=CVE-2018-5953
07 Aug 2018 — The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. La función swiotlb_print_info en lib/swiotlb.c en el kernel de Linux hasta la versión 4.14.14 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg desde una llamada printk "software IO TLB". • http://www.securityfocus.com/bid/105045 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 94%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-14734 – kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c
https://notcve.org/view.php?id=CVE-2018-14734
29 Jul 2018 — drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). drivers/infiniband/core/ucma.c en el kernel de Linux hasta la versión 4.17.11 permite que ucma_leave_multicast acceda a cierta estructura de datos tras un paso de limpieza en ucma_process_join, lo que permite que los atacantes provoquen una denegación de servicio (uso ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14612 – Ubuntu Security Notice USN-4094-1
https://notcve.org/view.php?id=CVE-2018-14612
27 Jul 2018 — An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.10. Hay una desreferencia de puntero no válido en btrfs_root_node() cuando se monta una image... • http://www.securityfocus.com/bid/104917 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14610 – Ubuntu Security Notice USN-4094-1
https://notcve.org/view.php?id=CVE-2018-14610
27 Jul 2018 — An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.10. Existe un acceso fuera de límites en write_extent_buffer() cuando se monta y opera una imagen btrfs manipulada d... • http://www.securityfocus.com/bid/104917 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2018-14609 – Ubuntu Security Notice USN-4094-1
https://notcve.org/view.php?id=CVE-2018-14609
27 Jul 2018 — An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.10. Existe una desreferencia de puntero no válido en __del_reloc_root() en fs/btrfs/relocation.c cuando se monta una imagen btrfs manipulada. Esto está relacionado con elimi... • http://www.securityfocus.com/bid/104917 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14616 – Ubuntu Security Notice USN-4094-1
https://notcve.org/view.php?id=CVE-2018-14616
27 Jul 2018 — An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.10. Hay una desreferencia de puntero NULL en fscrypt_do_page_crypto() en fs/crypto/crypto.c cuando se opera en un archivo en una imagen f2fs corrupta. It was discovered that the alarmtimer implementation in the Linux kernel contained an in... • http://www.securityfocus.com/bid/104917 • CWE-476: NULL Pointer Dereference •