Serious vulnerabilities in Linux that you must know


The Linux kernel is one of the most influential projects in use today, being one of the pillars of the open source ecosystem. It was written in the 1990s by Linus Torvalds, after whom the project is named, and is licenced under the GNU GPL licence for usage in open source projects.

The Linux kernel has an active and engaged community of over 12,000 engineers, including talent from tech giants like Microsoft, Google, Intel, and Red Hat, with over 823k commits and 25,215 forks noted on its GitHub website.

#1 CVE-2017-18017‏

Linux Kernel netfilter:xt_TCPMSS‏

CVSS v2: 10 High‏

Versions affected: Before 4.11, and 4.9x before 4.9.36. Despite having 2017 in its ID, this huge vulnerability topped our list of Linux kernel CVEs for 2018. This is because it was first reported in 2017 and had its ID reserved before being published in January 2018 by the National Vulnerability Database.

#2 CVE-2015-8812‏


CVSS v2: 10 High‏

Before version 4.5, a critical issue was discovered in the Linux kernel’s drivers/infiniband/hw/cxgb3/iwch cm.c when it was discovered that it did not properly recognise fault conditions. Remote attackers could use crafted packets to execute arbitrary code or cause a denial of service (use-after-free) as a result of this vulnerability. ‏

#3 CVE-2016-10229‏


CVSS v2: 10 High‏

Versions that were impacted: prior to version 4.5 With this Linux vulnerability, remote attackers can execute arbitrary code via UDP traffic that triggers an unsafe second checksum during the execution of a recv system call with the MSG PEEK flag, which is short and to the point.

#4 CVE-2014-2523‏


CVSS v2: 10 High‏

Impacted versions: 3.13.6 and up Another significant vulnerability in the Linux kernel’s netfilter has surfaced, this time due to the inappropriate use of a DCCP header reference. Through a DCCP packet that causes a call to either the dccp new, dccp packet, or dccp error function, remote attackers can cause a denial of service (system crash) or possibly execute arbitrary code. ‏

#5 CVE-2016-10150‏


CVSS v2: 10 High‏

Before 4.8.13, a use-after-free vulnerability in the Linux kernel was discovered in the virt/kvm/kvm main.c function kvm ioctl create device. It allows users of the operating system to launch a denial-of-service attack.

Leave a Reply

Your email address will not be published.