Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-3961

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Apr, 2016 | 14:00
Updated At-06 Aug, 2024 | 00:10
Rejected At-
Credits

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Apr, 2016 | 14:00
Updated At:06 Aug, 2024 | 00:10
Rejected At:
▼CVE Numbering Authority (CNA)

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://xenbits.xen.org/xsa/xsa174.patch
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3006-1
vendor-advisory
x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3004-1
vendor-advisory
x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3001-1
vendor-advisory
x_refsource_UBUNTU
http://xenbits.xen.org/xsa/advisory-174.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3005-1
vendor-advisory
x_refsource_UBUNTU
http://www.securitytracker.com/id/1035569
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-3049-1
vendor-advisory
x_refsource_UBUNTU
http://www.debian.org/security/2016/dsa-3607
vendor-advisory
x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-3002-1
vendor-advisory
x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3050-1
vendor-advisory
x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3007-1
vendor-advisory
x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3003-1
vendor-advisory
x_refsource_UBUNTU
http://www.securityfocus.com/bid/86068
vdb-entry
x_refsource_BID
Hyperlink: http://xenbits.xen.org/xsa/xsa174.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-3006-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ubuntu.com/usn/USN-3004-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ubuntu.com/usn/USN-3001-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://xenbits.xen.org/xsa/advisory-174.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-3005-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securitytracker.com/id/1035569
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/USN-3049-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.debian.org/security/2016/dsa-3607
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.ubuntu.com/usn/USN-3002-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ubuntu.com/usn/USN-3050-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ubuntu.com/usn/USN-3007-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ubuntu.com/usn/USN-3003-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securityfocus.com/bid/86068
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://xenbits.xen.org/xsa/xsa174.patch
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-3006-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.ubuntu.com/usn/USN-3004-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.ubuntu.com/usn/USN-3001-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://xenbits.xen.org/xsa/advisory-174.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-3005-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securitytracker.com/id/1035569
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/USN-3049-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.debian.org/security/2016/dsa-3607
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.ubuntu.com/usn/USN-3002-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.ubuntu.com/usn/USN-3050-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.ubuntu.com/usn/USN-3007-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.ubuntu.com/usn/USN-3003-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securityfocus.com/bid/86068
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://xenbits.xen.org/xsa/xsa174.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3006-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3004-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3001-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://xenbits.xen.org/xsa/advisory-174.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3005-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securitytracker.com/id/1035569
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3049-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3607
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3002-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3050-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3007-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3003-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securityfocus.com/bid/86068
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Apr, 2016 | 14:59
Updated At:06 May, 2026 | 22:30

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Xen Project
xen
>>xen>>Versions up to 4.5.3(inclusive)
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.debian.org/security/2016/dsa-3607cve@mitre.org
N/A
http://www.securityfocus.com/bid/86068cve@mitre.org
N/A
http://www.securitytracker.com/id/1035569cve@mitre.org
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3001-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-3002-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-3003-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-3004-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-3005-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-3006-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-3007-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-3049-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-3050-1cve@mitre.org
N/A
http://xenbits.xen.org/xsa/advisory-174.htmlcve@mitre.org
Vendor Advisory
http://xenbits.xen.org/xsa/xsa174.patchcve@mitre.org
Patch
http://www.debian.org/security/2016/dsa-3607af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/86068af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1035569af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3001-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3002-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3003-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3004-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3005-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3006-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3007-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3049-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-3050-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://xenbits.xen.org/xsa/advisory-174.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://xenbits.xen.org/xsa/xsa174.patchaf854a3a-2127-422b-91ae-364da2661108
Patch
Hyperlink: http://www.debian.org/security/2016/dsa-3607
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/86068
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1035569
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-3001-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3002-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3003-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3004-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3005-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3006-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3007-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3049-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3050-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://xenbits.xen.org/xsa/advisory-174.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://xenbits.xen.org/xsa/xsa174.patch
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.debian.org/security/2016/dsa-3607
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/86068
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1035569
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-3001-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3002-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3003-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3004-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3005-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3006-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3007-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3049-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3050-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://xenbits.xen.org/xsa/advisory-174.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://xenbits.xen.org/xsa/xsa174.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

595Records found

CVE-2012-4544
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.42% / 33.77%
||
7 Day CHG~0.00%
Published-31 Oct, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10087
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 36.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 13:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-7795
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.63% / 45.93%
||
7 Day CHG~0.00%
Published-13 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.

Action-Not Available
Vendor-systemd_projectn/aCanonical Ltd.
Product-systemdubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2841
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.39% / 31.07%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

Action-Not Available
Vendor-n/aCanonical Ltd.QEMU
Product-ubuntu_linuxqemun/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25598
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 33.47%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 21:07
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.

Action-Not Available
Vendor-n/aFedora ProjectopenSUSEXen Project
Product-xenfedoraleapn/a
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2020-25596
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.51% / 39.83%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 21:28
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxopenSUSEXen Project
Product-xendebian_linuxfedoraleapn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2013-0241
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.39% / 30.51%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-qxl_graphics_driver_projectn/aCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxenterprise_linux_serverenterprise_linux_workstationxf86-video-qxlenterprise_linux_desktopn/a
CVE-2012-6648
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.38% / 29.62%
||
7 Day CHG~0.00%
Published-22 May, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.

Action-Not Available
Vendor-gdm-guest-session_projectn/aCanonical Ltd.
Product-ubuntu_linuxgdm-guest-sessionn/a
CVE-2012-3494
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.44% / 35.06%
||
7 Day CHG~0.00%
Published-23 Nov, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenserverxenn/a
CVE-2020-11937
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 37.16%
||
7 Day CHG~0.00%
Published-06 Aug, 2020 | 22:50
Updated-17 Sep, 2024 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Resource exhaustion vulnerability in whoopsie

In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_linuxwhoopsiewhoopsie
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2012-0943
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-2.1||LOW
EPSS-0.76% / 50.85%
||
7 Day CHG~0.00%
Published-22 May, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.

Action-Not Available
Vendor-robert_ancelln/aCanonical Ltd.
Product-ubuntu_linuxlightdmn/a
CVE-2005-3181
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.50% / 39.09%
||
7 Day CHG~0.00%
Published-11 Oct, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).

Action-Not Available
Vendor-n/aDebian GNU/LinuxMandriva (Mandrakesoft)Linux Kernel Organization, IncCanonical Ltd.
Product-debian_linuxlinux_kernellinuxubuntu_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2017-18043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 36.07%
||
7 Day CHG~0.00%
Published-31 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxqemun/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14816
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.60%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 18:25
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Action-Not Available
Vendor-NetApp, Inc.Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxa700s_firmwarea320_firmwareenterprise_linux_server_ausfas2720fas2720_firmwareh300s_firmwareh410sc190h610s_firmwareh300senterprise_linux_tussteelstore_cloud_integrated_storageh300e_firmwareh610sfas2750fas2750_firmwareh500ehci_management_nodefedorah500s_firmwareh500e_firmwareenterprise_linux_eusa700sa220h700sh700edata_availability_servicesleaph300ea800virtualizationh500sservice_processorenterprise_linuxenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusa320enterprise_linux_compute_node_eussolidfirea800_firmwaredebian_linuxlinux_kernelh410s_firmwareh700s_firmwarec190_firmwarea220_firmwareenterprise_linux_for_power_big_endian_eusenterprise_linux_server_tush700e_firmwareenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timemessaging_realtime_gridkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23034
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 25.58%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 13:43
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoraxen
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-19582
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 29.80%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 16:50
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.

Action-Not Available
Vendor-n/aFedora ProjectXen Project
Product-xenfedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-14814
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 54.35%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 18:27
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Action-Not Available
Vendor-openSUSECanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-ubuntu_linuxa700s_firmwarea320_firmwareenterprise_linux_server_ausfas2720fas2720_firmwareh300s_firmwareh410c_firmwareh410sc190h610s_firmwareh300ssteelstore_cloud_integrated_storageh300e_firmwareh610sfas2750fas2750_firmwareh500ehci_management_nodeh500s_firmwareh500e_firmwareenterprise_linux_eusa700sa220h700sh700edata_availability_servicesleaph300ea800h500sservice_processorenterprise_linuxenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusa320solidfirea800_firmwaredebian_linuxlinux_kernelh410s_firmwareh700s_firmwarec190_firmwarea220_firmwareh410centerprise_linux_server_tush700e_firmwareenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timemessaging_realtime_gridkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-1186
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.54% / 41.40%
||
7 Day CHG~0.00%
Published-17 Apr, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

Action-Not Available
Vendor-udev_projectn/aCanonical Ltd.openSUSESUSEDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_debuginfolinux_enterprise_serverfedoraudevopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-11485
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-3.3||LOW
EPSS-0.26% / 17.33%
||
7 Day CHG~0.00%
Published-08 Feb, 2020 | 04:50
Updated-16 Sep, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apport created lock file in wrong directory

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

Action-Not Available
Vendor-apport_projectCanonical Ltd.
Product-apportubuntu_linuxapport
CWE ID-CWE-412
Unrestricted Externally Accessible Lock
CVE-2019-12068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.8||LOW
EPSS-0.51% / 40.00%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 19:59
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Action-Not Available
Vendor-n/aopenSUSEQEMUCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxqemuleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-19922
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.95% / 56.86%
||
7 Day CHG~0.00%
Published-22 Dec, 2019 | 19:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxlinux_kernelsd-wan_edgefas\/aff_baseboard_management_controllercloud_backupsolidfire_\&_hci_management_nodee-series_santricity_os_controlleractive_iq_unified_managersteelstore_cloud_integrated_storagehci_baseboard_management_controllersolidfire_baseboard_management_controlleraff_baseboard_management_controllerdata_availability_servicesn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-2271
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 31.09%
||
7 Day CHG~0.00%
Published-19 Feb, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CVE-2017-14431
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 25.79%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-0154
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.65% / 46.45%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 18:19
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aCanonical Ltd.Intel Corporation
Product-xeon_e3-1230_v5core_i7-7700kcore_i7-8705gpentium_silver_n5000_firmwarecore_i7-8665uxeon_e-2276mxeon_e3-1558l_v5core_i7-7660ucore_i7-6600ucore_i7-8706gxeon_e3-1565l_v5_firmwarexeon_e3-1565l_v5xeon_e3-1501l_v6_firmwarexeon_e-2236core_i9-9880h_firmwarecore_i7-8700t_firmwarexeon_e-2236_firmwarexeon_e-2124g_firmwarexeon_e-2126g_firmwareatom_x5-a3940xeon_e3-1240_v6xeon_e-2254me_firmwarecore_i7-8700core_i7-8665ue_firmwarexeon_e-2276me_firmwarexeon_e3-1220_v5_firmwarecore_i7-8705g_firmwareatom_x5-a3930_firmwarecore_i7-7700tcore_i7-8086kcore_i7-6600u_firmwarecore_i7-6770hqcore_i7-8700kcore_i7-6650u_firmwarexeon_e3-1280_v5core_i9-9900kfxeon_e-2226gxeon_e3-1270_v6_firmwarexeon_e3-1285_v6_firmwarecore_i7-6822eqxeon_e-2276m_firmwarexeon_e-2134core_i7-6700teceleron_j3455core_i7-6567u_firmwarexeon_e3-1501l_v6xeon_e-2226g_firmwarecore_i7-7600uxeon_e3-1285_v6xeon_e-2224xeon_e-2186m_firmwarexeon_e3-1225_v6core_i7-8569u_firmwarecore_i7\+8700_firmwarexeon_e-2144g_firmwarexeon_e3-1240l_v5xeon_e3-1225_v5_firmwarexeon_e3-1505l_v6xeon_e-2278gexeon_e-2134_firmwareceleron_n4100core_i7-7600u_firmwarecore_i7-7700hqxeon_e3-1240_v5_firmwarecore_i7-7820hkxeon_e3-1245_v5core_i7-6870hqxeon_e3-1558l_v5_firmwarecore_i7-6970hqceleron_n4000_firmwarexeon_e3-1505l_v6_firmwareceleron_j3455_firmwarexeon_e-2136xeon_e-2246gcore_i7-8500y_firmwareatom_x5-a3940_firmwarexeon_e3-1270_v5_firmwareatom_x7-a3950_firmwarecore_i7-8700b_firmwarexeon_e3-1275_v5_firmwarexeon_e3-1535m_v5xeon_e3-1535m_v5_firmwarecore_i7-7700core_i7-6820hq_firmwarecore_i7-7820hq_firmwarecore_i7-7920hqxeon_e3-1575m_v5_firmwarecore_i7-7920hq_firmwarexeon_e3-1268l_v5core_i9-9900ks_firmwarexeon_e-2254mlxeon_e3-1545m_v5core_i7-8700k_firmwarexeon_e-2124_firmwarexeon_e3-1260l_v5_firmwarexeon_e3-1240_v6_firmwarexeon_e3-1501m_v6_firmwarecore_i7-8700_firmwarecore_i7-8750hxeon_e3-1501m_v6xeon_e3-1505m_v5_firmwarexeon_e-2226ge_firmwarexeon_e-2254ml_firmwareceleron_j4105_firmwarexeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5pentium_n4200_firmwarexeon_e3-1260l_v5xeon_e3-1270_v6pentium_silver_n5000xeon_e-2286mxeon_e3-1505m_v5core_i7-8557u_firmwarecore_i7-7820eq_firmwarexeon_e-2276gxeon_e-2186gxeon_e-2276mlxeon_e-2244gxeon_e-2174gcore_i9-9900kxeon_e-2176gcore_i7-8809gceleron_j4105core_i7-8709gcore_i7-8700bxeon_e3-1230_v6_firmwarecore_i7-7y75_firmwarecore_i7-8550u_firmwarecore_i7-7500u_firmwarexeon_e3-1275_v6_firmwarexeon_e3-1585_v5xeon_e3-1225_v6_firmwarecore_i7-6700k_firmwarecore_i7-7820hk_firmwarecore_i7-8557ucore_i9-9900kf_firmwarecore_i7-6560uxeon_e-2278ge_firmwareceleron_j3355core_i7-6820hk_firmwarecore_i7-8700txeon_e3-1280_v5_firmwarecore_i7-6820hqxeon_e3-1220_v6_firmwarecore_i7-8650uxeon_e3-1535m_v6_firmwarexeon_e-2286m_firmwarecore_i7-6700tcore_i7-6920hqcore_i9-9900ksxeon_e3-1230_v6atom_x7-a3950core_i7-6700_firmwarexeon_e3-1585l_v5_firmwarexeon_e3-1240l_v5_firmwarexeon_e-2234_firmwareatom_x5-a3930core_i7-8565u_firmwarecore_i7-6822eq_firmwarexeon_e-2224_firmwarexeon_e-2186g_firmwareceleron_n3350xeon_e-2274gxeon_e-2124gpentium_silver_j5005xeon_e-2278gelxeon_e3-1280_v6xeon_e-2288gcore_i7-6700t_firmwarexeon_e-2234xeon_e3-1245_v5_firmwarecore_i7-8709g_firmwarecore_i7-6500ucore_i7-6500u_firmwarecore_i7-6700kxeon_e3-1280_v6_firmwarexeon_e-2124celeron_n4100_firmwarecore_i9-9880hcore_i7-6820eq_firmwarepentium_silver_j5005_firmwarexeon_e-2136_firmwarexeon_e-2276g_firmwarexeon_e3-1235l_v5_firmwarexeon_e-2276mecore_i7-8565uceleron_n3350_firmwarexeon_e-2274g_firmwarexeon_e-2126gcore_i7-7560ucore_i7-8706g_firmwarecore_i7-6920hq_firmwarecore_i7-7820eqxeon_e3-1535m_v6core_i9-9900celeron_n3450_firmwarexeon_e3-1220_v5core_i7-8650u_firmwarexeon_e-2146g_firmwarexeon_e3-1220_v6core_i7-6785r_firmwarecore_i7-8850h_firmwarecore_i9-9900k_firmwarecore_i7-6700hq_firmwarecore_i7-6700hqcore_i7-7700k_firmwarepentium_n4200core_i7-7567u_firmwarexeon_e-2186mxeon_e-2176mcore_i7-6970hq_firmwarecore_i7-6785rcore_i7-7700hq_firmwarecore_i7-6820hkcore_i7-6660u_firmwarexeon_e3-1230_v5_firmwarexeon_e-2278g_firmwarecore_i7-7500ucore_i7-8550uubuntu_linuxxeon_e-2276ml_firmwarexeon_e-2224gxeon_e-2286gxeon_e3-1268l_v5_firmwarecore_i7-6700te_firmwarepentium_j4205xeon_e3-1275_v6xeon_e-2226gexeon_e-2244g_firmwarecore_i7-6650uxeon_e3-1575m_v5xeon_e-2278gxeon_e3-1505l_v5xeon_e3-1245_v6core_i7-8559u_firmwarecore_i7-8850hcore_i7-8086k_firmwareceleron_j4005_firmwarexeon_e3-1585_v5_firmwarexeon_e-2176g_firmwarecore_i7-8665u_firmwarecore_i7-6560u_firmwarecore_i7-6820eqcore_i7-8500ycore_i7-7567uxeon_e3-1505m_v6_firmwarecore_i9-9900tcore_i9-9900_firmwarexeon_e3-1545m_v5_firmwarexeon_e3-1235l_v5core_i7\+8700core_i7-7660u_firmwarepentium_j4205_firmwarexeon_e3-1585l_v5core_i7-7820hqcore_i7-8750h_firmwarexeon_e3-1275_v5core_i7-8665uecore_i7-8809g_firmwarexeon_e3-1240_v5xeon_e-2288g_firmwareceleron_n4000core_i7-7700t_firmwarecore_i9-9980hk_firmwarexeon_e-2246g_firmwarecore_i7-6567uxeon_e-2176m_firmwarexeon_e-2174g_firmwareceleron_n3450xeon_e3-1515m_v5xeon_e3-1505l_v5_firmwarexeon_e3-1225_v5core_i7-6870hq_firmwarexeon_e-2278gel_firmwarexeon_e-2144gxeon_e3-1245_v6_firmwarexeon_e3-1515m_v5_firmwarecore_i7-8569ucore_i7-7700_firmwarecore_i7-6770hq_firmwarexeon_e-2254mecore_i7-7y75celeron_j3355_firmwareceleron_j4005core_i7-7560u_firmwarexeon_e-2286g_firmwarecore_i7-6700xeon_e3-1505m_v6core_i9-9980hkcore_i7-8559ucore_i9-9900t_firmwarexeon_e-2146gxeon_e-2224g_firmwarexeon_e3-1578l_v5_firmware2019.2 IPU – Intel(R) Processor Graphics Update
CVE-2018-7858
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 46.06%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

Action-Not Available
Vendor-n/aopenSUSEQEMUCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationqemuenterprise_linux_server_tusenterprise_linux_desktopleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 33.05%
||
7 Day CHG~0.00%
Published-10 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.68% / 47.74%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-8087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 38.27%
||
7 Day CHG~0.00%
Published-13 Mar, 2018 | 06:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2018-7740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.62% / 45.17%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 08:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_workstationvirtualization_hostenterprise_linux_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-6554
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.51% / 39.51%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 18:00
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.

Action-Not Available
Vendor-Linux KernelLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelLinux Kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2018-5333
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-7.68% / 93.86%
||
7 Day CHG~0.00%
Published-11 Jan, 2018 | 07:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-5683
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.69% / 48.19%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 18:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationqemuenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-2762
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.46% / 36.65%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxmysqlMySQL Server
CVE-2018-19364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 40.88%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 19:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.QEMUDebian GNU/LinuxFedora Project
Product-ubuntu_linuxdebian_linuxqemufedoraleapn/a
CWE ID-CWE-416
Use After Free
CVE-2018-20124
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 38.47%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 22:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.
Product-ubuntu_linuxqemun/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-20126
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 38.58%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 21:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.

Action-Not Available
Vendor-n/aopenSUSEQEMUCanonical Ltd.
Product-ubuntu_linuxqemuleapn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2018-20123
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 38.47%
||
7 Day CHG~0.00%
Published-17 Dec, 2018 | 18:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Fedora Project
Product-ubuntu_linuxqemufedoran/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2018-19407
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 37.79%
||
7 Day CHG~0.00%
Published-21 Nov, 2018 | 00:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-18954
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 40.10%
||
7 Day CHG~0.00%
Published-15 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

Action-Not Available
Vendor-n/aopenSUSEQEMUCanonical Ltd.
Product-ubuntu_linuxqemuleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-18386
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.41% / 33.17%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 20:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2018-18690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.68% / 48.00%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-18849
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.56% / 42.53%
||
7 Day CHG-0.01%
Published-17 Mar, 2019 | 19:56
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

Action-Not Available
Vendor-n/aopenSUSEQEMUCanonical Ltd.Fedora Project
Product-ubuntu_linuxqemufedoraleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16878
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.44% / 35.19%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

Action-Not Available
Vendor-clusterlabsClusterLabsDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxpacemakerdebian_linuxfedoraenterprise_linuxenterprise_linux_ausenterprise_linux_eusenterprise_linux_tusleappacemaker
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-15853
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 41.18%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

Action-Not Available
Vendor-xkbcommonn/aCanonical Ltd.
Product-ubuntu_linuxlibxkbcommonxkbcommonn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-15859
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 41.18%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.

Action-Not Available
Vendor-xkbcommonn/aCanonical Ltd.
Product-ubuntu_linuxlibxkbcommonxkbcommonn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-15856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.45%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.

Action-Not Available
Vendor-xkbcommonn/aCanonical Ltd.
Product-ubuntu_linuxxkbcommonn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-15864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.74%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.

Action-Not Available
Vendor-xkbcommonn/aCanonical Ltd.
Product-ubuntu_linuxlibxkbcommonxkbcommonn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-15854
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.74%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

Action-Not Available
Vendor-xkbcommon_projectn/aCanonical Ltd.
Product-ubuntu_linuxxkbcommonn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-15863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 41.18%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

Action-Not Available
Vendor-xkbcommonn/aCanonical Ltd.
Product-ubuntu_linuxlibxkbcommonxkbcommonn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-15862
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.74%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.

Action-Not Available
Vendor-xkbcommonn/aCanonical Ltd.
Product-ubuntu_linuxlibxkbcommonxkbcommonn/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found