CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux : Security Vulnerabilities Published In 2018 (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000004 362 DoS 2018-01-16 2018-05-03
7.1
None Remote Medium Not required None None Complete
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
2 CVE-2018-11506 119 DoS Overflow 2018-05-28 2018-07-19
7.2
None Local Low Not required Complete Complete Complete
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.
3 CVE-2018-11232 20 DoS 2018-05-18 2018-06-19
4.9
None Local Low Not required None None Complete
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
4 CVE-2018-10675 416 DoS 2018-05-02 2018-07-11
7.2
None Local Low Not required Complete Complete Complete
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
5 CVE-2018-10323 476 DoS 2018-04-24 2018-06-11
4.9
None Local Low Not required None None Complete
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
6 CVE-2018-10322 476 DoS 2018-04-24 2018-06-11
4.9
None Local Low Not required None None Complete
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
7 CVE-2018-10124 119 DoS Overflow 2018-04-16 2018-07-19
2.1
None Local Low Not required None None Partial
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
8 CVE-2018-10087 20 DoS 2018-04-13 2018-07-19
2.1
None Local Low Not required None None Partial
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
9 CVE-2018-10074 476 DoS 2018-04-12 2018-05-22
4.9
None Local Low Not required None None Complete
The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.
10 CVE-2018-10021 399 DoS 2018-04-11 2018-07-19
4.9
None Local Low Not required None None Complete
** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.
11 CVE-2018-8087 399 DoS 2018-03-13 2018-06-15
4.9
None Local Low Not required None None Complete
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
12 CVE-2018-8043 476 DoS 2018-03-10 2018-05-09
2.1
None Local Low Not required None None Partial
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
13 CVE-2018-7995 362 DoS 2018-03-09 2018-05-23
4.7
None Local Medium Not required None None Complete
** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant.
14 CVE-2018-7757 399 DoS 2018-03-08 2018-07-12
2.1
None Local Low Not required None None Partial
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
15 CVE-2018-7740 119 DoS Overflow 2018-03-07 2018-05-03
4.9
None Local Low Not required None None Complete
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
16 CVE-2018-7480 415 DoS 2018-02-25 2018-05-23
7.2
None Local Low Not required Complete Complete Complete
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
17 CVE-2018-6927 190 DoS Overflow 2018-02-12 2018-07-12
4.6
None Local Low Not required Partial Partial Partial
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
18 CVE-2018-5703 787 DoS 2018-01-16 2018-02-15
10.0
None Remote Low Not required Complete Complete Complete
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
19 CVE-2018-5344 416 DoS 2018-01-12 2018-04-24
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
20 CVE-2018-1130 476 DoS 2018-05-10 2018-07-19
4.9
None Local Low Not required None None Complete
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
21 CVE-2018-1095 476 DoS 2018-04-01 2018-07-03
7.1
None Remote Medium Not required None None Complete
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
22 CVE-2018-1094 476 DoS 2018-04-01 2018-07-03
7.1
None Remote Medium Not required None None Complete
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
23 CVE-2018-1093 125 DoS 2018-04-01 2018-07-16
7.1
None Remote Medium Not required None None Complete
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
24 CVE-2018-1092 476 DoS 2018-04-01 2018-06-15
7.1
None Remote Medium Not required None None Complete
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
25 CVE-2018-1091 119 DoS Overflow 2018-03-27 2018-05-09
4.9
None Local Low Not required None None Complete
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.
26 CVE-2018-1065 476 DoS 2018-03-02 2018-05-23
4.7
None Local Medium Not required None None Complete
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
27 CVE-2017-18270 255 DoS 2018-05-18 2018-06-19
3.6
None Local Low Not required None Partial Partial
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
28 CVE-2017-18261 399 DoS 2018-04-19 2018-05-22
4.9
None Local Low Not required None None Complete
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
29 CVE-2017-18257 190 DoS Overflow 2018-04-04 2018-07-03
4.9
None Local Low Not required None None Complete
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
30 CVE-2017-18255 190 DoS Overflow 2018-03-31 2018-07-19
4.6
None Local Low Not required Partial Partial Partial
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.
31 CVE-2017-18249 362 DoS 2018-03-26 2018-04-18
4.4
None Local Medium Not required Partial Partial Partial
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
32 CVE-2017-18241 476 DoS 2018-03-21 2018-05-02
4.9
None Local Low Not required None None Complete
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
33 CVE-2017-18232 388 DoS 2018-03-15 2018-05-02
2.1
None Local Low Not required None None Partial
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
34 CVE-2017-18224 362 DoS 2018-03-11 2018-05-02
1.9
None Local Medium Not required None None Partial
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
35 CVE-2017-18222 119 DoS Overflow Mem. Corr. 2018-03-08 2018-05-23
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.
36 CVE-2017-18221 20 DoS 2018-03-07 2018-05-30
4.9
None Local Low Not required None None Complete
The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.
37 CVE-2017-18218 416 DoS 2018-03-05 2018-05-02
7.2
None Local Low Not required Complete Complete Complete
In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.
38 CVE-2017-18216 476 DoS 2018-03-05 2018-05-03
2.1
None Local Low Not required None None Partial
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
39 CVE-2017-18208 399 DoS 2018-03-01 2018-05-30
4.9
None Local Low Not required None None Complete
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
40 CVE-2017-18204 399 DoS 2018-02-27 2018-05-30
2.1
None Local Low Not required None None Partial
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
41 CVE-2017-18203 362 DoS 2018-02-27 2018-06-19
1.9
None Local Medium Not required None None Partial
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
42 CVE-2017-18202 416 DoS 2018-02-27 2018-03-17
10.0
None Remote Low Not required Complete Complete Complete
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
43 CVE-2017-18200 20 DoS 2018-02-25 2018-03-16
4.9
None Local Low Not required None None Complete
The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.
44 CVE-2017-18193 119 DoS Overflow 2018-02-22 2018-05-23
4.9
None Local Low Not required None None Complete
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
45 CVE-2017-18079 476 DoS 2018-01-29 2018-05-30
7.2
None Local Low Not required Complete Complete Complete
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
46 CVE-2017-18075 399 DoS 2018-01-24 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
47 CVE-2017-18017 416 DoS Mem. Corr. 2018-01-03 2018-05-30
10.0
None Remote Low Not required Complete Complete Complete
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
48 CVE-2017-16914 476 DoS 2018-01-31 2018-05-03
7.1
None Remote Medium Not required None None Complete
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
49 CVE-2017-16913 119 DoS Overflow 2018-01-31 2018-05-03
7.1
None Remote Medium Not required None None Complete
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.
50 CVE-2017-16912 125 DoS 2018-01-31 2018-05-03
7.1
None Remote Medium Not required None None Complete
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
Total number of vulnerabilities : 53   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.