CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel » 2.6.18 RC2 : Security Vulnerabilities

Cpe Name:cpe:/o:linux:linux_kernel:2.6.18:rc2
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-11884 77 +Info 2019-05-10 2019-05-20
2.1
None Local Low Not required Partial None None
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
2 CVE-2019-11815 362 2019-05-08 2019-05-20
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
3 CVE-2019-11811 416 2019-05-07 2019-05-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.
4 CVE-2019-11810 476 DoS 2019-05-07 2019-05-10
7.8
None Remote Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
5 CVE-2019-11599 362 DoS +Info 2019-04-29 2019-05-17
6.9
None Local Medium Not required Complete Complete Complete
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
6 CVE-2019-11486 362 2019-04-23 2019-05-20
6.9
None Local Medium Not required Complete Complete Complete
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
7 CVE-2019-11190 362 Bypass 2019-04-11 2019-04-15
4.7
None Local Medium Not required Complete None None
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.
8 CVE-2019-9003 416 Exec Code 2019-02-22 2019-05-16
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
9 CVE-2019-8956 416 2019-04-01 2019-04-03
7.2
None Local Low Not required Complete Complete Complete
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.
10 CVE-2019-7308 189 2019-02-01 2019-04-18
4.7
None Local Medium Not required Complete None None
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
11 CVE-2019-3901 362 Bypass 2019-04-22 2019-05-17
1.9
None Local Medium Not required Partial None None
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
12 CVE-2019-3900 400 2019-04-25 2019-05-17
6.8
None Remote Low Single system None None Complete
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
13 CVE-2018-20836 416 2019-05-07 2019-05-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
14 CVE-2018-20511 200 +Info 2018-12-27 2019-04-01
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
15 CVE-2018-20169 400 2018-12-17 2019-05-06
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
16 CVE-2018-18690 19 2018-10-26 2019-04-03
4.9
None Local Low Not required None None Complete
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.
17 CVE-2018-18397 284 2018-12-12 2019-04-25
2.1
None Local Low Not required None Partial None
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
18 CVE-2018-18386 704 2018-10-17 2019-04-23
2.1
None Local Low Not required None None Partial
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
19 CVE-2018-18021 20 DoS 2018-10-07 2019-04-02
3.6
None Local Low Not required None Partial Partial
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.
20 CVE-2018-16882 416 +Priv 2019-01-03 2019-04-23
7.2
None Local Low Not required Complete Complete Complete
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.
21 CVE-2018-16658 200 +Info 2018-09-07 2018-11-28
3.6
None Local Low Not required Partial None Partial
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.
22 CVE-2018-16276 20 2018-08-31 2019-01-15
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
23 CVE-2018-15594 254 2018-08-20 2019-05-20
2.1
None Local Low Not required Partial None None
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
24 CVE-2018-15572 254 2018-08-19 2018-10-31
2.1
None Local Low Not required Partial None None
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
25 CVE-2018-14634 190 Overflow 2018-09-25 2018-11-27
7.2
None Local Low Not required Complete Complete Complete
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
26 CVE-2018-14619 20 2018-08-30 2018-10-31
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.
27 CVE-2018-13406 190 Overflow 2018-07-06 2018-08-29
7.2
None Local Low Not required Complete Complete Complete
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
28 CVE-2018-12904 264 DoS 2018-06-27 2018-08-29
4.4
None Local Medium Not required Partial Partial Partial
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
29 CVE-2018-11508 200 +Info 2018-05-28 2019-01-22
2.1
None Local Low Not required Partial None None
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
30 CVE-2018-11232 20 DoS 2018-05-18 2018-06-19
4.9
None Local Low Not required None None Complete
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
31 CVE-2018-10940 119 Overflow 2018-05-09 2018-10-31
4.9
None Local Low Not required None None Complete
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
32 CVE-2018-10883 787 DoS 2018-07-30 2018-10-31
4.9
None Local Low Not required None None Complete
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
33 CVE-2018-10881 119 DoS Overflow 2018-07-26 2019-03-28
4.9
None Local Low Not required None None Complete
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
34 CVE-2018-10880 787 DoS 2018-07-25 2019-04-01
7.1
None Remote Medium Not required None None Complete
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
35 CVE-2018-10879 416 DoS 2018-07-26 2018-10-31
6.1
None Local Low Not required Partial Partial Complete
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
36 CVE-2018-10878 787 DoS 2018-07-26 2018-10-31
6.1
None Local Low Not required Partial Partial Complete
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
37 CVE-2018-10853 264 2018-09-11 2019-05-20
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.
38 CVE-2018-10675 416 DoS 2018-05-02 2019-04-16
7.2
None Local Low Not required Complete Complete Complete
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
39 CVE-2018-10124 119 DoS Overflow 2018-04-16 2018-08-24
2.1
None Local Low Not required None None Partial
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
40 CVE-2018-10087 20 DoS 2018-04-13 2018-08-24
2.1
None Local Low Not required None None Partial
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
41 CVE-2018-10074 476 DoS 2018-04-12 2018-05-22
4.9
None Local Low Not required None None Complete
The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.
42 CVE-2018-10021 399 DoS 2018-04-11 2018-08-24
4.9
None Local Low Not required None None Complete
** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.
43 CVE-2018-7480 415 DoS 2018-02-25 2018-05-23
7.2
None Local Low Not required Complete Complete Complete
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
44 CVE-2018-7191 476 DoS 2019-05-17 2019-05-20
4.9
None Local Low Not required None None Complete
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
45 CVE-2018-6927 190 DoS Overflow 2018-02-12 2018-07-12
4.6
None Local Low Not required Partial Partial Partial
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
46 CVE-2018-6555 416 DoS 2018-09-04 2018-10-25
7.2
None Local Low Not required Complete Complete Complete
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.
47 CVE-2018-6554 399 DoS 2018-09-04 2018-10-25
4.9
None Local Low Not required None None Complete
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
48 CVE-2018-1130 476 DoS 2018-05-10 2018-10-31
4.9
None Local Low Not required None None Complete
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
49 CVE-2018-1120 119 DoS Overflow 2018-06-20 2018-10-31
3.5
None Remote Medium Single system None None Partial
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
50 CVE-2017-18360 369 DoS 2019-01-31 2019-04-17
4.9
None Local Low Not required None None Complete
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
Total number of vulnerabilities : 394   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.