CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5873
https://notcve.org/view.php?id=CVE-2018-5873
06 Jul 2018 — An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. Debido a una condición de carrera al acceder a los archivos en todas las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM y QRD Android) que util... • https://github.com/Trinadh465/linux-4.1.15_CVE-2018-5873 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
06 Jul 2018 — The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non... • https://www.exploit-db.com/exploits/45033 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-13406
https://notcve.org/view.php?id=CVE-2018-13406
06 Jul 2018 — An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. Un desbordamiento de enteros en la función uvesafb_setcmap en drivers/video/fbdev/uvesafb.c en el kernel de Linux en versiones anteriores a la 4.17.4 podría resultar en que los atacantes locales puedan cerrar inesperadamente el kernel o elevar privilegios debid... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13093 – kernel: NULL pointer dereference in lookup_slow function
https://notcve.org/view.php?id=CVE-2018-13093
03 Jul 2018 — An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. Se ha descubierto un problema en fs/xfs/xfs_icache.c en el kernel de Linux hasta la versión 4.17.3. Existe una desreferencia de puntero NULL y pánico en lookup_slow() en un puntero NULL inod... • https://access.redhat.com/errata/RHSA-2019:2029 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-13094 – kernel: NULL pointer dereference in xfs_da_shrink_inode function
https://notcve.org/view.php?id=CVE-2018-13094
03 Jul 2018 — An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. Se ha descubierto un problema en fs/xfs/libxfs/xfs_attr_leaf.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir un OOPS para una imagen xfs corrupta después de que se llame a xfs_da_shrink_inode() con un bp NULL. An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kern... • https://access.redhat.com/errata/RHSA-2019:0831 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13098
https://notcve.org/view.php?id=CVE-2018-13098
03 Jul 2018 — An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. Se ha descubierto un problema en fs/f2fs/inode.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir una denegación de servicio (lectura fuera de límites de slab y BUG) para una imagen de sistema de archivos f2fs modificada en el que FI_EXTRA_ATTR está establecido en un inode. • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13095 – kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c
https://notcve.org/view.php?id=CVE-2018-13095
03 Jul 2018 — An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. Se ha descubierto un problema en fs/xfs/libxfs/xfs_inode_buf.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir una denegación de servicio (corrupción de memoria y BUG) para una imagen xfs corrupta después de encontrarse ... • https://access.redhat.com/errata/RHSA-2019:1350 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13097
https://notcve.org/view.php?id=CVE-2018-13097
03 Jul 2018 — An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG). Se ha descubierto un problema en fs/f2fs/super.c en el kernel de Linux hasta la versión 4.17.3. Existe una error de lectura fuera de límites o de división entre cero para un user_block_count incorrecto en una imagen f2fs corrupta, conduciendo a una denegación de servicio (BUG)... • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html • CWE-125: Out-of-bounds Read CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-13099
https://notcve.org/view.php?id=CVE-2018-13099
03 Jul 2018 — An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. Se ha descubierto un problema en fs/f2fs/inline.c en el kernel de Linux hasta la versión 4.4 Puede ocurrir una denegación de servicio (lectura fuera de límites y BUG) para una imagen de sistema de archivos f2fs modificada en el que un inode insertado contiene un blka... • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-13096
https://notcve.org/view.php?id=CVE-2018-13096
03 Jul 2018 — An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. Se ha descubierto un problema en fs/f2fs/super.c en el kernel de Linux hasta la versión 4.14. Puede ocurrir una denegación de servicio (acceso a memoria fuera de límites y BUG) cuando se encuentra un tamaño de mapa de bits anormal cuando se monta una imagen f2fs manipulada • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •