CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-10881 – kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-10881
26 Jul 2018 — A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. Se ha detectado una vulnerabilidad en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar un acceso fuera de límites en la función ext4_get_group_info, una denegación de servicio (DoS) y un cierre inesperado del sistema montando y operando una im... • http://patchwork.ozlabs.org/patch/929792 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2018-10879 – kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file
https://notcve.org/view.php?id=CVE-2018-10879
26 Jul 2018 — A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. Se ha detectado una vulnerabilidad en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar un uso de memoria previamente liberada en la función ext4_xattr_set_entry y puede ocurrir una denegación de servicio (DoS) u otro impacto no especi... • http://patchwork.ozlabs.org/patch/928666 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2018-10878 – kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-10878
26 Jul 2018 — A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. Se ha detectado una vulnerabilidad en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar una escritura fuera de límites y una denegación de servicio (DoS) u otro impacto no especificado montando y operando una imagen del sistema de archivos ext4 manipulado. • http://patchwork.ozlabs.org/patch/929237 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-10901 – kernel: kvm: vmx: host GDT limit corruption
https://notcve.org/view.php?id=CVE-2018-10901
26 Jul 2018 — A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. Se encontró un fallo en el subsistema de virtualización KVM del kernel de Linux. • http://www.securityfocus.com/bid/104905 • CWE-665: Improper Initialization •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 2CVE-2018-10880 – kernel: stack-out-of-bounds write in ext4_update_inline_data function
https://notcve.org/view.php?id=CVE-2018-10880
25 Jul 2018 — Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. El kernel de Linux es vulnerable a una escritura de pila fuera de límites en el código del sistema de archivos al montar y escribir en una imagen ext4 manipulada en ext4_update_inline_data(). Un atacante podría utilizar esto para provocar un cierre inesperado del sistem... • http://patchwork.ozlabs.org/patch/930639 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2018-10877 – kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-10877
18 Jul 2018 — Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. El sistema de archivos ext4 del kernel de Linux es vulnerable a un acceso fuera de límites en la función ext4_ext_drop_refs() al operar en una imagen manipulada del sistema de archivos ext4. A flaw was found in the Linux kernel ext4 filesystem. An out-of-bound access is possible in the ext4_ext_drop_refs() function when operating on a crafted ext4 files... • http://www.securityfocus.com/bid/104878 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5873
https://notcve.org/view.php?id=CVE-2018-5873
06 Jul 2018 — An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. Debido a una condición de carrera al acceder a los archivos en todas las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM y QRD Android) que util... • https://github.com/Trinadh465/linux-4.1.15_CVE-2018-5873 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
06 Jul 2018 — The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non... • https://www.exploit-db.com/exploits/45033 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-13406
https://notcve.org/view.php?id=CVE-2018-13406
06 Jul 2018 — An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. Un desbordamiento de enteros en la función uvesafb_setcmap en drivers/video/fbdev/uvesafb.c en el kernel de Linux en versiones anteriores a la 4.17.4 podría resultar en que los atacantes locales puedan cerrar inesperadamente el kernel o elevar privilegios debid... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-13094 – kernel: NULL pointer dereference in xfs_da_shrink_inode function
https://notcve.org/view.php?id=CVE-2018-13094
03 Jul 2018 — An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. Se ha descubierto un problema en fs/xfs/libxfs/xfs_attr_leaf.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir un OOPS para una imagen xfs corrupta después de que se llame a xfs_da_shrink_inode() con un bp NULL. An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kern... • https://access.redhat.com/errata/RHSA-2019:0831 • CWE-476: NULL Pointer Dereference •