CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18224 – Debian Security Advisory 4188-1
https://notcve.org/view.php?id=CVE-2017-18224
12 Mar 2018 — In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. En el kernel de Linux, en versiones anteriores a la 4.15, fs/ocfs2/aops.c omite el uso de un semáforo y, por consiguiente, tiene una condición de carrera al acceder al árbol extent durante las operaciones de lectura en modo DIRECT. Es... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18222 – Debian Security Advisory 4188-1
https://notcve.org/view.php?id=CVE-2017-18222
08 Mar 2018 — In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings. En el kernel de Linux en versiones anteriores a la 4.12, Hisilicon Network Subsystem (HNS) no considera el caso ETH_SS_PRIV_FLAGS a la hora de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18221 – Ubuntu Security Notice USN-3655-1
https://notcve.org/view.php?id=CVE-2017-18221
07 Mar 2018 — The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls. La función __munlock_pagevec en mm/mlock.c en el kernel de Linux, en versiones anteriores a la 4.11.4, permite que usuarios locales provoquen una denegación de servicio (corrupción de contabilidad NR_MLOCK) mediante el uso manipulado de llamadas del sistema mlockall y munlockall. Jann Horn and ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18216 – Ubuntu Security Notice USN-3776-1
https://notcve.org/view.php?id=CVE-2017-18216
05 Mar 2018 — In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. En fs/ocfs2/cluster/nodemanager.c en el kernel de Linux, en versiones anteriores a la 4.15, los usuarios locales pueden provocar una denegación de servicio (desreferencia de puntero NULL y error) debido a que no se emplea un mutex requerido. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not p... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=853bc26a7ea39e354b9f8889ae7ad1492ffa28d2 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18208 – kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service
https://notcve.org/view.php?id=CVE-2017-18208
01 Mar 2018 — The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. La función madvise_willneed en mm/madvise.c en el kernel de Linux, en versiones anteriores a la 4.14.4, permite que usuarios locales provoquen una denegación de servicio (bucle infinito) desencadenando el uso de MADVISE_WILLNEED para un mapeo DAX. The madvise_willneed function in the Linux kernel allows local ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18203 – kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
https://notcve.org/view.php?id=CVE-2017-18203
27 Feb 2018 — The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. La función dm_get_from_kobject en drivers/md/dm.c en el kernel de Linux, en versiones anteriores a la 4.14.3, permite que usuarios locales provoquen una denegación de servicio (bug) aprovechando una condición de carrera en __dm_destroy durante la creación y eliminación de disposit... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18200
https://notcve.org/view.php?id=CVE-2017-18200
26 Feb 2018 — The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. La implementación f2fs en el kernel de Linux, en versiones anteriores a la 4.14, gestiona erróneamente las cuentas asociadas a las llamadas f2fs_wait_discard_bios. Esto permite que usuarios locales provoquen una denegación de servicio (bug), tal y como demuestra fstrim. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18193 – Debian Security Advisory 4188-1
https://notcve.org/view.php?id=CVE-2017-18193
22 Feb 2018 — fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. fs/f2fs/extent_cache.c en el kernel de Linux, en versiones anteriores a la 4.13, gestiona de forma incorrecta los árboles extent, lo que permite que usuarios locales provoquen una denegación de servicio (error) mediante una aplicación con múltiples hilos. USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18174 – Ubuntu Security Notice USN-3848-1
https://notcve.org/view.php?id=CVE-2017-18174
11 Feb 2018 — In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. En el kernel de Linux, en versiones anteriores a la 4.7, la función amd_gpio_remove en drivers/pinctrl/pinctrl-amd.c llama a la función pinctrl_unregister, lo que conduce a una doble liberación (double free). It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of se... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=251e22abde21833b3d29577e4d8c7aaccd650eee • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-18079 – Ubuntu Security Notice USN-3655-1
https://notcve.org/view.php?id=CVE-2017-18079
29 Jan 2018 — drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. drivers/input/serio/i8042.c en el kernel de Linux en versiones anteriores a la 4.12.4 permite que atacantes provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que, posiblemente, tengan otro tipo de imp... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226 • CWE-476: NULL Pointer Dereference •