The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Linux

computer vulnerability bulletin CVE-2018-10675

Linux kernel: use after free via do_get_mempolicy

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via do_get_mempolicy() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: QRadar SIEM, Junos Space, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-256, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-386, CERTFR-2018-AVI-408, CERTFR-2018-AVI-457, CERTFR-2018-AVI-584, CVE-2018-10675, ibm10742755, JSA10917, RHSA-2018:2164-01, RHSA-2018:2384-01, RHSA-2018:2395-01, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1846-1, USN-3754-1, VIGILANCE-VUL-26038.


computer vulnerability note CVE-2018-1000199

Linux kernel: privilege escalation via Ptrace Hardware Breakpoint Settings

Synthesis of the vulnerability

An attacker can bypass restrictions via Ptrace Hardware Breakpoint Settings of the Linux kernel, in order to escalate their privileges.
Impacted products: Debian, Android OS, QRadar SIEM, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 02/05/2018.
Identifiers: CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-256, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-584, CVE-2018-1000199, DLA-1369-1, DSA-4187-1, DSA-4188-1, ibm10742755, openSUSE-SU-2018:1418-1, RHSA-2018:1318-01, RHSA-2018:1345-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1354-01, RHSA-2018:1355-01, RHSA-2018:1374-01, SUSE-SU-2018:1366-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1846-1, SUSE-SU-2018:1855-1, Synology-SA-18:51, USN-3641-1, USN-3641-2, VIGILANCE-VUL-25999.


computer vulnerability bulletin CVE-2017-18241

Linux kernel: NULL pointer dereference via flush_cmd_control

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via flush_cmd_control of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 02/05/2018.
Identifiers: CERTFR-2018-AVI-301, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2019-AVI-115, CVE-2017-18241, DSA-4187-1, DSA-4188-1, openSUSE-SU-2018:1773-1, SSA:2019-030-01, SUSE-SU-2018:1772-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1855-1, USN-3910-1, USN-3910-2, VIGILANCE-VUL-25998.


computer vulnerability announce CVE-2015-9016

Linux kernel: use after free via blk_mq_tag_to_rq

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via blk_mq_tag_to_rq() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 02/05/2018.
Identifiers: CVE-2015-9016, DSA-4187-1, VIGILANCE-VUL-25997.


vulnerability CVE-2018-10323

Linux kernel: NULL pointer dereference via xfs_bmap_extents_to_btree

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via xfs_bmap_extents_to_btree() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/04/2018.
Identifiers: 199423, CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-10323, DLA-1529-1, DSA-4188-1, FEDORA-2018-ac3b4c7605, openSUSE-SU-2018:2119-1, USN-3752-1, USN-3752-2, USN-3752-3, USN-3754-1, VIGILANCE-VUL-25980.


computer vulnerability note CVE-2018-10322

Linux kernel: NULL pointer dereference via xfs_dinode_verify

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via xfs_dinode_verify() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, RHEL.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Creation date: 25/04/2018.
Identifiers: 199377, CVE-2018-10322, FEDORA-2018-ac3b4c7605, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, VIGILANCE-VUL-25979.


computer vulnerability bulletin CVE-2018-1000200

Linux kernel: NULL pointer dereference via OOM Kill

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via OOM Kill of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, openSUSE Leap, RHEL, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/04/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-1000200, openSUSE-SU-2018:2119-1, RHSA-2018:2948-01, USN-3752-1, USN-3752-2, USN-3752-3, VIGILANCE-VUL-25978.


vulnerability note CVE-2018-8781

Linux kernel: integer overflow via udl_fb_mmap

Synthesis of the vulnerability

An attacker can generate an integer overflow via udl_fb_mmap() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 24/04/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-232, CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CERTFR-2018-AVI-277, CERTFR-2018-AVI-308, CVE-2018-8781, DLA-1369-1, DSA-4187-1, DSA-4188-1, openSUSE-SU-2018:1418-1, openSUSE-SU-2018:2119-1, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, SUSE-SU-2018:1366-1, SUSE-SU-2018:1816-1, USN-3654-1, USN-3654-2, USN-3656-1, USN-3674-1, USN-3674-2, USN-3677-1, USN-3677-2, VIGILANCE-VUL-25964.


computer vulnerability announce CVE-2018-1108

Linux kernel: information disclosure via crng_ready

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via crng_ready() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 24/04/2018.
Identifiers: 1559, CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-1108, DSA-4188-1, FEDORA-2018-884a105c04, FEDORA-2018-bb7aab12cb, openSUSE-SU-2018:2119-1, USN-3752-1, USN-3752-2, USN-3752-3, VIGILANCE-VUL-25957.


computer vulnerability alert CVE-2017-13305

Linux kernel: out-of-bounds memory reading via Keyring Subsystem

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Keyring Subsystem of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 24/04/2018.
Identifiers: CERTFR-2018-AVI-198, CERTFR-2018-AVI-250, CERTFR-2018-AVI-299, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-392, CERTFR-2018-AVI-426, CVE-2017-13305, DLA-1731-1, DLA-1731-2, openSUSE-SU-2018:1773-1, RHSA-2018:2165-01, SUSE-SU-2018:1761-1, SUSE-SU-2018:1762-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1855-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2637-1, USN-3631-1, USN-3631-2, USN-3655-1, USN-3655-2, VIGILANCE-VUL-25956.
