Search CVE reports
151 – 160 of 1218 results
CVE-2017-12192
Medium prioritySome fixes available 16 of 22
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local...
32 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Fixed |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Fixed |
| linux-azure | — | — | — | — | Fixed |
| linux-euclid | — | — | — | — | Ignored |
| linux-flo | — | — | — | — | Ignored |
| linux-gcp | — | — | — | — | Fixed |
| linux-gke | — | — | — | — | Fixed |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Fixed |
| linux-hwe-edge | — | — | — | — | Fixed |
| linux-kvm | — | — | — | — | Fixed |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Ignored |
| linux-manta | — | — | — | — | Not in release |
| linux-oem | — | — | — | — | Not affected |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Fixed |
| linux-snapdragon | — | — | — | — | Fixed |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2017-12188
High prioritySome fixes available 8 of 11
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary...
32 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Not affected |
| linux-azure | — | — | — | — | Fixed |
| linux-euclid | — | — | — | — | Not affected |
| linux-flo | — | — | — | — | Ignored |
| linux-gcp | — | — | — | — | Fixed |
| linux-gke | — | — | — | — | Not affected |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Fixed |
| linux-hwe-edge | — | — | — | — | Fixed |
| linux-kvm | — | — | — | — | Not affected |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Ignored |
| linux-manta | — | — | — | — | Not in release |
| linux-oem | — | — | — | — | Not affected |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-snapdragon | — | — | — | — | Not affected |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2017-1000255
High prioritySome fixes available 4 of 6
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the...
32 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Not affected |
| linux-azure | — | — | — | — | Not affected |
| linux-euclid | — | — | — | — | Not affected |
| linux-flo | — | — | — | — | Ignored |
| linux-gcp | — | — | — | — | Not affected |
| linux-gke | — | — | — | — | Not affected |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Fixed |
| linux-hwe-edge | — | — | — | — | Fixed |
| linux-kvm | — | — | — | — | Not affected |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Ignored |
| linux-manta | — | — | — | — | Not in release |
| linux-oem | — | — | — | — | Not affected |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-snapdragon | — | — | — | — | Not affected |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2017-14991
Low prioritySome fixes available 14 of 22
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
33 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-azure-edge...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | Not affected | Fixed |
| linux-armadaxp | — | — | — | Not in release | Not in release |
| linux-aws | — | — | — | Not affected | Fixed |
| linux-azure | — | — | — | Not affected | Fixed |
| linux-azure-edge | — | — | — | Not affected | Not affected |
| linux-euclid | — | — | — | Not in release | Ignored |
| linux-flo | — | — | — | Not in release | Ignored |
| linux-gcp | — | — | — | Not affected | Fixed |
| linux-gke | — | — | — | Not in release | Fixed |
| linux-goldfish | — | — | — | Not in release | Ignored |
| linux-grouper | — | — | — | Not in release | Not in release |
| linux-hwe | — | — | — | Not affected | Fixed |
| linux-hwe-edge | — | — | — | Not affected | Fixed |
| linux-kvm | — | — | — | Not affected | Fixed |
| linux-linaro-omap | — | — | — | Not in release | Not in release |
| linux-linaro-shared | — | — | — | Not in release | Not in release |
| linux-linaro-vexpress | — | — | — | Not in release | Not in release |
| linux-lts-quantal | — | — | — | Not in release | Not in release |
| linux-lts-raring | — | — | — | Not in release | Not in release |
| linux-lts-saucy | — | — | — | Not in release | Not in release |
| linux-lts-trusty | — | — | — | Not in release | Not in release |
| linux-lts-utopic | — | — | — | Not in release | Not in release |
| linux-lts-vivid | — | — | — | Not in release | Not in release |
| linux-lts-wily | — | — | — | Not in release | Not in release |
| linux-lts-xenial | — | — | — | Not in release | Not in release |
| linux-maguro | — | — | — | Not in release | Not in release |
| linux-mako | — | — | — | Not in release | Ignored |
| linux-manta | — | — | — | Not in release | Not in release |
| linux-oem | — | — | — | Not affected | Not affected |
| linux-qcm-msm | — | — | — | Not in release | Not in release |
| linux-raspi2 | — | — | — | Not affected | Fixed |
| linux-snapdragon | — | — | — | Not affected | Fixed |
| linux-ti-omap4 | — | — | — | Not in release | Not in release |
CVE-2017-14954
Low prioritySome fixes available 2 of 5
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection...
32 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Not affected |
| linux-azure | — | — | — | — | Not affected |
| linux-euclid | — | — | — | — | Not affected |
| linux-flo | — | — | — | — | Ignored |
| linux-gcp | — | — | — | — | Not affected |
| linux-gke | — | — | — | — | Not affected |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Not affected |
| linux-hwe-edge | — | — | — | — | Not affected |
| linux-kvm | — | — | — | — | Not affected |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Ignored |
| linux-manta | — | — | — | — | Not in release |
| linux-oem | — | — | — | — | Not affected |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-snapdragon | — | — | — | — | Not affected |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2017-12154
Medium prioritySome fixes available 17 of 25
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12...
32 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | Not affected | Fixed |
| linux-armadaxp | — | — | — | Not in release | Not in release |
| linux-aws | — | — | — | Not affected | Fixed |
| linux-azure | — | — | — | Not affected | Fixed |
| linux-euclid | — | — | — | Not in release | Ignored |
| linux-flo | — | — | — | Not in release | Ignored |
| linux-gcp | — | — | — | Not affected | Fixed |
| linux-gke | — | — | — | Not in release | Fixed |
| linux-goldfish | — | — | — | Not in release | Ignored |
| linux-grouper | — | — | — | Not in release | Not in release |
| linux-hwe | — | — | — | Not affected | Fixed |
| linux-hwe-edge | — | — | — | Fixed | Fixed |
| linux-kvm | — | — | — | Not affected | Fixed |
| linux-linaro-omap | — | — | — | Not in release | Not in release |
| linux-linaro-shared | — | — | — | Not in release | Not in release |
| linux-linaro-vexpress | — | — | — | Not in release | Not in release |
| linux-lts-quantal | — | — | — | Not in release | Not in release |
| linux-lts-raring | — | — | — | Not in release | Not in release |
| linux-lts-saucy | — | — | — | Not in release | Not in release |
| linux-lts-trusty | — | — | — | Not in release | Not in release |
| linux-lts-utopic | — | — | — | Not in release | Not in release |
| linux-lts-vivid | — | — | — | Not in release | Not in release |
| linux-lts-wily | — | — | — | Not in release | Not in release |
| linux-lts-xenial | — | — | — | Not in release | Not in release |
| linux-maguro | — | — | — | Not in release | Not in release |
| linux-mako | — | — | — | Not in release | Ignored |
| linux-manta | — | — | — | Not in release | Not in release |
| linux-oem | — | — | — | Not affected | Not affected |
| linux-qcm-msm | — | — | — | Not in release | Not in release |
| linux-raspi2 | — | — | — | Not affected | Fixed |
| linux-snapdragon | — | — | — | Not affected | Fixed |
| linux-ti-omap4 | — | — | — | Not in release | Not in release |
CVE-2017-1000253
High prioritySome fixes available 2 of 7
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by...
32 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | Not affected | Not affected |
| linux-armadaxp | — | — | — | Not in release | Not in release |
| linux-aws | — | — | — | Not affected | Not affected |
| linux-azure | — | — | — | Not affected | Not affected |
| linux-euclid | — | — | — | Not in release | Not affected |
| linux-flo | — | — | — | Not in release | Ignored |
| linux-gcp | — | — | — | Not affected | Not affected |
| linux-gke | — | — | — | Not in release | Not affected |
| linux-goldfish | — | — | — | Not in release | Ignored |
| linux-grouper | — | — | — | Not in release | Not in release |
| linux-hwe | — | — | — | Not affected | Not affected |
| linux-hwe-edge | — | — | — | Fixed | Not affected |
| linux-kvm | — | — | — | Not affected | Not affected |
| linux-linaro-omap | — | — | — | Not in release | Not in release |
| linux-linaro-shared | — | — | — | Not in release | Not in release |
| linux-linaro-vexpress | — | — | — | Not in release | Not in release |
| linux-lts-quantal | — | — | — | Not in release | Not in release |
| linux-lts-raring | — | — | — | Not in release | Not in release |
| linux-lts-saucy | — | — | — | Not in release | Not in release |
| linux-lts-trusty | — | — | — | Not in release | Not in release |
| linux-lts-utopic | — | — | — | Not in release | Not in release |
| linux-lts-vivid | — | — | — | Not in release | Not in release |
| linux-lts-wily | — | — | — | Not in release | Not in release |
| linux-lts-xenial | — | — | — | Not in release | Not in release |
| linux-maguro | — | — | — | Not in release | Not in release |
| linux-mako | — | — | — | Not in release | Ignored |
| linux-manta | — | — | — | Not in release | Not in release |
| linux-oem | — | — | — | Not affected | Not affected |
| linux-qcm-msm | — | — | — | Not in release | Not in release |
| linux-raspi2 | — | — | — | Not affected | Not affected |
| linux-snapdragon | — | — | — | Not affected | Not affected |
| linux-ti-omap4 | — | — | — | Not in release | Not in release |
CVE-2017-1000252
Medium prioritySome fixes available 15 of 19
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and...
32 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Fixed |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Fixed |
| linux-azure | — | — | — | — | Fixed |
| linux-euclid | — | — | — | — | Ignored |
| linux-flo | — | — | — | — | Ignored |
| linux-gcp | — | — | — | — | Fixed |
| linux-gke | — | — | — | — | Fixed |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Fixed |
| linux-hwe-edge | — | — | — | — | Fixed |
| linux-kvm | — | — | — | — | Fixed |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Ignored |
| linux-manta | — | — | — | — | Not in release |
| linux-oem | — | — | — | — | Not affected |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Fixed |
| linux-snapdragon | — | — | — | — | Fixed |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2015-5327
Medium priorityOut-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
31 affected packages
linux, linux-2.6, linux-armadaxp, linux-aws, linux-ec2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-2.6 | — | — | — | — | Not in release |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Not affected |
| linux-ec2 | — | — | — | — | Not in release |
| linux-flo | — | — | — | — | Not affected |
| linux-fsl-imx51 | — | — | — | — | Not in release |
| linux-gke | — | — | — | — | Not affected |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Not affected |
| linux-hwe-edge | — | — | — | — | Not affected |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Not affected |
| linux-manta | — | — | — | — | Not in release |
| linux-mvl-dove | — | — | — | — | Not in release |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-snapdragon | — | — | — | — | Not affected |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2017-12153
Medium prioritySome fixes available 17 of 25
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request....
32 affected packages
linux, linux-armadaxp, linux-aws, linux-azure, linux-euclid...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | Not affected | Fixed |
| linux-armadaxp | — | — | — | Not in release | Not in release |
| linux-aws | — | — | — | Not affected | Fixed |
| linux-azure | — | — | — | Not affected | Fixed |
| linux-euclid | — | — | — | Not in release | Ignored |
| linux-flo | — | — | — | Not in release | Ignored |
| linux-gcp | — | — | — | Not affected | Fixed |
| linux-gke | — | — | — | Not in release | Fixed |
| linux-goldfish | — | — | — | Not in release | Ignored |
| linux-grouper | — | — | — | Not in release | Not in release |
| linux-hwe | — | — | — | Not affected | Fixed |
| linux-hwe-edge | — | — | — | Fixed | Fixed |
| linux-kvm | — | — | — | Not affected | Fixed |
| linux-linaro-omap | — | — | — | Not in release | Not in release |
| linux-linaro-shared | — | — | — | Not in release | Not in release |
| linux-linaro-vexpress | — | — | — | Not in release | Not in release |
| linux-lts-quantal | — | — | — | Not in release | Not in release |
| linux-lts-raring | — | — | — | Not in release | Not in release |
| linux-lts-saucy | — | — | — | Not in release | Not in release |
| linux-lts-trusty | — | — | — | Not in release | Not in release |
| linux-lts-utopic | — | — | — | Not in release | Not in release |
| linux-lts-vivid | — | — | — | Not in release | Not in release |
| linux-lts-wily | — | — | — | Not in release | Not in release |
| linux-lts-xenial | — | — | — | Not in release | Not in release |
| linux-maguro | — | — | — | Not in release | Not in release |
| linux-mako | — | — | — | Not in release | Ignored |
| linux-manta | — | — | — | Not in release | Not in release |
| linux-oem | — | — | — | Not affected | Not affected |
| linux-qcm-msm | — | — | — | Not in release | Not in release |
| linux-raspi2 | — | — | — | Not affected | Fixed |
| linux-snapdragon | — | — | — | Not affected | Fixed |
| linux-ti-omap4 | — | — | — | Not in release | Not in release |