CVSS: 7.8EPSS: 78%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/104976 http://www.securitytracker.com/id/1041424 http://www.securitytracker.com/id/1041434 https://access.redhat.co • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-10883 – kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function
https://notcve.org/view.php?id=CVE-2018-10883
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. Se ha encontrado un error en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar una escritura fuera de límites en jbd2_journal_dirty_metadata, una denegación de servicio (DoS) y un cierre inesperado del sistema montando y operando una imagen del sistema de archivos ext4 manipulada. A flaw was found in the Linux kernel's ext4 filesystem. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a https://lists.debian.org/debian-lts-announce/2018/07/msg • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-14734 – kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c
https://notcve.org/view.php?id=CVE-2018-14734
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). drivers/infiniband/core/ucma.c en el kernel de Linux hasta la versión 4.17.11 permite que ucma_leave_multicast acceda a cierta estructura de datos tras un paso de limpieza en ucma_process_join, lo que permite que los atacantes provoquen una denegación de servicio (uso de memoria previamente liberada). A flaw was found in the Linux Kernel in the ucma_leave_multicast() function in drivers/infiniband/core/ucma.c which allows access to a certain data structure after freeing it in ucma_process_join(). This allows an attacker to cause a use-after-free bug and to induce kernel memory corruption, leading to a system crash or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8 https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3797-1 https://usn.ubuntu.com/3797-2 https://usn.ubuntu.com/38 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-14678
https://notcve.org/view.php?id=CVE-2018-14678
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.11, tal y como se utiliza en Xen hasta las versiones 4.11.x. El punto de entrada de xen_failsafe_callback en arch/x86/entry/entry_64.S no mantiene correctamente el RBX, lo que permite a los usuarios locales provocar una denegación de servicio (uso de memoria no inicializada y cierre inesperado del sistema). • http://www.securityfocus.com/bid/104924 http://www.securitytracker.com/id/1041397 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3931-1 https://usn.ubuntu.com/3931-2 https://www.debian.org/security/2018/dsa-4308 https://xenbits.xen.org/xsa/advisory-274.html • CWE-665: Improper Initialization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14615
https://notcve.org/view.php?id=CVE-2018-14615
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.10. Existe un desbordamiento de búfer en truncate_inline_inode() en fs/f2fs/inline.c cuando se desmonta una imagen f2fs porque un valor de longitud puede ser negativo. • http://www.securityfocus.com/bid/104917 https://bugzilla.kernel.org/show_bug.cgi?id=200421 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4118-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •