CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5873
https://notcve.org/view.php?id=CVE-2018-5873
An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. Debido a una condición de carrera al acceder a los archivos en todas las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM y QRD Android) que utilizan el kernel de Linux antes del parche de seguridad de nivel del 05/07/2018, puede ocurrir una condición de uso de memoria previamente liberada en el kernel. • https://github.com/Trinadh465/linux-4.1.15_CVE-2018-5873 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073c516ff73557a8f7315066856c04b50383ac34 https://github.com/torvalds/linux/commit/073c516ff73557a8f7315066856c04b50383ac34 https://source.android.com/security/bulletin/2018-07-01 https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=34742aaf7cb16c95edba4a7afed6d2c4fa7e434b https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-13406
https://notcve.org/view.php?id=CVE-2018-13406
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. Un desbordamiento de enteros en la función uvesafb_setcmap en drivers/video/fbdev/uvesafb.c en el kernel de Linux en versiones anteriores a la 4.17.4 podría resultar en que los atacantes locales puedan cerrar inesperadamente el kernel o elevar privilegios debido a que no se emplea kmalloc_array. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713 http://www.securityfocus.com/bid/104685 http://www.securitytracker.com/id/1041355 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4 https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com& • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13093 – kernel: NULL pointer dereference in lookup_slow function
https://notcve.org/view.php?id=CVE-2018-13093
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. Se ha descubierto un problema en fs/xfs/xfs_icache.c en el kernel de Linux hasta la versión 4.17.3. Existe una desreferencia de puntero NULL y pánico en lookup_slow() en un puntero NULL inode->i_ops cuando se navega por rutas en una imagen xfs corrupta. • https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://bugzilla.kernel.org/show_bug.cgi?id=199367 https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff https://github.com/torvalds/linux/commit/afca6c5b2595fc44383919fba740c194b0b76aff https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4118-1 https://access.re • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13098
https://notcve.org/view.php?id=CVE-2018-13098
An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. Se ha descubierto un problema en fs/f2fs/inode.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir una denegación de servicio (lectura fuera de límites de slab y BUG) para una imagen de sistema de archivos f2fs modificada en el que FI_EXTRA_ATTR está establecido en un inode. • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html https://bugzilla.kernel.org/show_bug.cgi?id=200173 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76d56d4ab4f2a9e4f085c7d77172194ddaccf7d2 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4118-1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13095 – kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c
https://notcve.org/view.php?id=CVE-2018-13095
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. Se ha descubierto un problema en fs/xfs/libxfs/xfs_inode_buf.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir una denegación de servicio (corrupción de memoria y BUG) para una imagen xfs corrupta después de encontrarse con un inode con formato extendido, pero tiene más extensiones que cabrían en el fork inode. An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel. • https://access.redhat.com/errata/RHSA-2019:1350 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://bugzilla.kernel.org/show_bug.cgi?id=199915 https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=23fcb3340d033d9f081e21e6c12c2db7eaa541d3 https://github.com/torvalds/linux/commit/23fcb3340d033d9f081e21e6c12c2db7eaa541d3 https://access.redhat.com/security/cve/CVE-2018-13095 https://bugzilla.redhat.com/show_bug.cgi?id=1597775 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •