CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1130 – kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
https://notcve.org/view.php?id=CVE-2018-1130
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. El kernel de Linux en versiones anteriores a la 4.16-rc7 es vulnerable a una desreferencia de puntero NULL en la función dccp_write_xmit() en net/dccp/output.c en la que un usuario local puede provocar una denegación de servicio mediante un número de llamadas del sistema manipuladas. A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls. • https://access.redhat.com/errata/RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2 https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian& • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10940 – kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
https://notcve.org/view.php?id=CVE-2018-10940
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. La función cdrom_ioctl_media_changed en drivers/cdrom/cdrom.c en el kernel de Linux en versiones anteriores a la 4.16.6 permite que atacantes locales empleen una comprobación de límites incorrecta en el ioctl CDROM_MEDIA_CHANGED del controlador CDROM para leer la memoria del kernel. A flaw was found in the Linux kernel, before 4.16.6 where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 http://www.securityfocus.com/bid/104154 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2018-10675 – kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. La función do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 http://www.securityfocus.com/bid/104093 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2785 https://access.redhat.com/errata/RHSA-2018:2791 https://access.redhat.com/errata/RHSA-2018:2924 https://access.redhat.com/errata/RHSA-2018& • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1108 – Linux RNG Flaws
https://notcve.org/view.php?id=CVE-2018-1108
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. Los controladores de kernel, en versiones anteriores a la 4.17-rc1, son vulnerables a una debilidad en la implementación del kernel de Linux de datos de semilla aleatorios. Los programas, en un estado de arranque temprano, podrían emplear los datos asignados a la semilla antes de que se haya generado lo suficiente. There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. • http://www.securityfocus.com/bid/104055 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://usn.ubuntu.com/3718-1 https://usn.ubuntu.com/3718-2 https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com/3752-3 https://www.debian.org/security/2018/dsa-4188 • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-10323
https://notcve.org/view.php?id=CVE-2018-10323
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. La función xfs_bmap_extents_to_btree en fs/xfs/libxfs/xfs_bmap.c en el kernel de Linux, hasta la versión 4.16.3, permite que usuarios locales provoquen una denegación de servicio (desreferencia de puntero NULL en xfs_bmapi_write) mediante una imagen xfs manipulada. • http://www.securityfocus.com/bid/103959 https://bugzilla.kernel.org/show_bug.cgi?id=199423 https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com/3752-3 https://usn.ubuntu.com/3754-1 https://usn.ubuntu.com/4486-1 https://www.debian.org/security/2018/dsa-4188 https://www.spinics.net/lists/linux-xfs/msg17254.html • CWE-476: NULL Pointer Dereference •