CVE Daily
← All tags

Tag: Linux Kernel

All CVEs associated with "Linux Kernel". Page 129/168 • 20117 CVEs.

Subscribe CVEs: RSS for “Linux Kernel”  ·  RSS (High+Critical only)

About “Linux Kernel”

A curated feed of “Linux Kernel”-related CVEs appears below. We currently track 20117 CVEs for this tag (all time). In the last 365 days, 6173 were published. Average CVSS is 6.4 (all time; 6.4 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-476 - NULL Pointer Dereference, CWE-401 - Missing Release of Memory after Effective Lifetime, CWE-416 - Use After Free.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-09-18
High

CVE-2017-15828

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may pote…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-15825

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur.

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-15818

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2018-14641

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment().…

CVSS: 6.5 CWE: CWE-456 - Missing Initialization of a Variable View on NVD
2018-09-13
High

CVE-2018-8441

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2018-8337

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affe…

CVSS: 5.3 CWE: CWE-178 - Improper Handling of Case Sensitivity View on NVD
2018-09-11
High

CVE-2018-10853

A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged…

CVSS: 7.0 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2018-09-10
Medium

CVE-2018-14635

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service cou…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-14625

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may al…

CVSS: 5.3 CWE: CWE-416 - Use After Free View on NVD
2018-09-07
Medium

CVE-2018-16658

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a ca…

CVSS: 6.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-09-06
High

CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2018-11263

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats r…

CVSS: 8.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
2018-09-04
High

CVE-2018-6555

The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-afte…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2018-6554

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory con…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2018-11262

In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could…

CVSS: 7.8 CWE: CWE-682 - Incorrect Calculation View on NVD
2018-08-31
High

CVE-2018-16276

An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2018-08-30
High

CVE-2018-14619

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was free…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2018-08-29
High

CVE-2018-15912

An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially conta…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2018-08-27
Medium

CVE-2018-10938

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4…

CVSS: 5.9 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2018-08-23
Medium

CVE-2018-6558

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a…

CVSS: 6.5 CWE: N/A View on NVD
2018-08-20
Medium

CVE-2018-15594

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-15572

The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduc…

CVSS: 6.5 CWE: N/A View on NVD
2018-08-17
High

CVE-2018-15471

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver all…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-15469

An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2018-5546

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-08-14
High

CVE-2018-12539

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, whic…

CVSS: 7.8 CWE: CWE-419 - Unprotected Primary Channel View on NVD
2018-08-13
Medium

CVE-2018-6970

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library.…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-08-10
Medium

CVE-2018-7754

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugf…

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2018-13390

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.

CVSS: 6.1 CWE: N/A View on NVD
2018-08-08
High

CVE-2018-12408

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO…

CVSS: 7.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2018-08-07
Medium

CVE-2018-5995

The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-5953

The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk c…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-08-06
High

CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Critical

CVE-2017-8988

A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (f…

CVSS: 9.8 CWE: N/A View on NVD
2018-07-31
High

CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root…

CVSS: 7.8 CWE: CWE-264 View on NVD
Medium

CVE-2018-10609

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code e…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2018-10607

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a deni…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Critical

CVE-2018-10603

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2018-07-30
Medium

CVE-2018-10883

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operati…

CVSS: 4.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug except…

CVSS: 5.5 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2017-7482

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2018-07-29
High

CVE-2018-14734

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2018-07-28
High

CVE-2018-14678

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which al…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
2018-07-27
High

CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP conne…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2017-2618

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to…

CVSS: 5.5 CWE: CWE-193 - Off-by-one Error View on NVD
Medium

CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root pr…

CVSS: 5.5 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
Medium

CVE-2018-10882

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted…

CVSS: 4.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-14617

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2018-14616

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2018-14615

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be nega…

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-14614

An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2018-14613

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2018-14612

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group m…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2018-14611

An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in bt…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2018-14610

An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verificatio…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-14609

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to rem…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2018-07-26
Medium

CVE-2017-18344

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-10881

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operatin…

CVSS: 4.2 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-10879

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renam…

CVSS: 4.2 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2018-10878

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a craft…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-10876

A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.

CVSS: 5.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2018-10901

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator cou…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2017-7558

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13…

CVSS: 5.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-07-25
Medium

CVE-2018-10880

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cau…

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2018-07-18
High

CVE-2018-10877

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

CVSS: 7.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-07-16
Medium

CVE-2018-10840

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

CVSS: 6.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2018-07-12
High

CVE-2018-5529

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the loc…

CVSS: 7.8 CWE: N/A View on NVD
2018-07-11
Medium

CVE-2018-11045

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance i…

CVSS: 5.9 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
Medium

CVE-2016-9604

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as…

CVSS: 4.4 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-07-10
Medium

CVE-2018-10872

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliv…

CVSS: 6.5 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2018-1566

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.

CVSS: 8.4 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2018-1487

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to…

CVSS: 8.4 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2018-1458

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.

CVSS: 7.4 CWE: CWE-426 - Untrusted Search Path View on NVD
2018-07-09
High

CVE-2018-1000621

Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for L…

CVSS: 8.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-07-06
High

CVE-2018-5907

Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for M…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2018-5886

A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory b…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-5873

An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affec…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2018-5872

While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the…

CVSS: 8.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-5865

While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an…

CVSS: 5.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2018-5864

While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-re…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-5862

In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-5859

Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2018-5858

In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur.

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2018-5855

While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buf…

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-5853

A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leadi…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2018-3587

In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2018-3586

An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2018-3570

In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2018-11304

Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for M…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-15851

Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) f…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-5899

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the ne…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2018-5898

Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android fo…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2018-5897

While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-5896

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-5895

Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kerne…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-5893

While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch lev…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-5890

If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-5889

While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch le…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-5888

While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-5887

While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) befor…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-5836

In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is rec…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-5835

If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM,…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-5834

In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security p…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-5832

Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05,…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2018-5831

In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead t…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2018-5830

While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-5829

In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-re…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-3597

In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occ…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-3577

While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2018-3569

A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-3564

In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occ…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-18159

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller tha…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-18158

Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-0…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-15856

Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2017-15824

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack b…

CVSS: 5.5 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
Medium

CVE-2017-14893

While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in An…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2017-14872

While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2017-11088

Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2018-10892

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disa…

CVSS: 5.3 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD