CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versiones a partir de la 3.9 es vulnerable a un ataque de denegación de servicio (DoS) con tasas bajas de paquetes especialmente modificados que apuntan hacia el reensamblado de fragmentos de IP. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/105108 http://www.securitytracker.com/id/1041476 http://www.securitytracker.com/id/1041637 https://access.redhat.co • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7754
https://notcve.org/view.php?id=CVE-2018-7754
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. La función aoedisk_debugfs_show en drivers/block/aoe/aoeblk.c en el kernel de Linux hasta la versión 4.16.4rc4 permite que usuarios locales obtengan información sensible de direcciones mediante la lectura de líneas "ffree: " en un archivo debugfs. • https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421 https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5953
https://notcve.org/view.php?id=CVE-2018-5953
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. La función swiotlb_print_info en lib/swiotlb.c en el kernel de Linux hasta la versión 4.14.14 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg desde una llamada printk "software IO TLB". • http://www.securityfocus.com/bid/105045 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7d63fb3af87aa67aa7d24466e792f9d7c57d8e79 https://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5995
https://notcve.org/view.php?id=CVE-2018-5995
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. La función pcpu_embed_first_chunk en mm/percpu.c en el kernel de Linux hasta la versión 4.14.14 permite que usuarios locales obtengan información sensible de direcciones leyendo datos dmesg desde una llamada printk "pages/cpu". • http://www.securityfocus.com/bid/105049 https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html https://seclists.org/bugtraq/2019/Aug/18 https://www.debian.org/security/2019/dsa-4497 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-10883 – kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function
https://notcve.org/view.php?id=CVE-2018-10883
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. Se ha encontrado un error en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar una escritura fuera de límites en jbd2_journal_dirty_metadata, una denegación de servicio (DoS) y un cierre inesperado del sistema montando y operando una imagen del sistema de archivos ext4 manipulada. A flaw was found in the Linux kernel's ext4 filesystem. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a https://lists.debian.org/debian-lts-announce/2018/07/msg • CWE-787: Out-of-bounds Write •