CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18257
https://notcve.org/view.php?id=CVE-2017-18257
04 Apr 2018 — The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. La función __get_data_block en fs/f2fs/data.c en el kernel de Linux, en versiones anteriores a la 4.11, permite que usuarios locales provoquen una denegación de servicio (desbordamiento de enteros y bucle) mediante el uso manipulado de las llamadas del sistema open y fall... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1093
https://notcve.org/view.php?id=CVE-2018-1093
02 Apr 2018 — The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. La función ext4_valid_block_bitmap en fs/ext4/balloc.c en el kernel de Linux hasta la versión 4.15.15 permite que los atacantes provoquen un denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) mediante una imagen... • http://openwall.com/lists/oss-security/2018/03/29/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2018-1094 – kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-1094
02 Apr 2018 — The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. La función ext4_fill_super en fs/ext4/super.c en el kernel de Linux hasta la versión 4.15.15 no inicializa siempre el controlador de las sumas de verificación crc32c, lo que permite que los atacantes provoquen una denegación de s... • http://openwall.com/lists/oss-security/2018/03/29/1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1092 – kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-1092
02 Apr 2018 — The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. La función ext4_iget en fs/ext4/inode.c en el kernel de Linux hasta la versión 4.15.15 gestiona de manera incorrecta el caso de un directorio root con un i_lnks_count igual a cero, lo que permite que los atacantes provoquen una d... • http://openwall.com/lists/oss-security/2018/03/29/1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1095 – kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-1095
02 Apr 2018 — The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. La función ext4_xattr_check_entries en fs/ext4/xattr.c en el kernel de Linux hasta la versión 4.15.15 no valida correctamente los tamaños de xattr, lo que provoca una malinterpret... • http://openwall.com/lists/oss-security/2018/03/29/1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18255
https://notcve.org/view.php?id=CVE-2017-18255
31 Mar 2018 — The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. La función perf_cpu_time_max_percent_handler en kernel/events/core.c en el kernel de Linux en versiones anteriores a la 4.11 permite que los usuarios locales provoquen una denegación de servicio (desbordamiento de enteros) o... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1091 – kernel: guest kernel crash during core dump on POWER9 host
https://notcve.org/view.php?id=CVE-2018-1091
27 Mar 2018 — In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. En la función flush_tmregs_to_thread en arch/powerpc/kernel/ptrace.c en el kernel de Linux, en versiones anteriores a la 4.13.5, se puede desencad... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391: Unchecked Error Condition •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18249
https://notcve.org/view.php?id=CVE-2017-18249
26 Mar 2018 — The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. La función add_free_nid en fs/f2fs/noce.c en el kernel de Linux, en versiones anteriores a la 4.12, no rastrea correctamente un nid asignado, lo cual podría permitir a los usuarios locales provocar una denegación de servicio (condición de carrera) o, posibl... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18241
https://notcve.org/view.php?id=CVE-2017-18241
21 Mar 2018 — fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. fs/f2fs/segment.c en el kernel de Linux, en versiones anteriores a la 4.13, permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL y pánico) mediante el uso de una opción noflush_merge que desencadena un valor NULL para una estructura d... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2018-8822
https://notcve.org/view.php?id=CVE-2018-8822
20 Mar 2018 — Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. Manipulación incorrecta de longitud de búfer en la función ncp_read_kernel en fs/ncpfs/ncplib_kernel.c en el kernel de Linux hasta la versión 4.15.11 y en drivers/staging/ncpfs/ncplib_kernel.c en el kernel de... • http://www.openwall.com/lists/oss-security/2022/12/27/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •