CVE-2018-14619

CVSS v3 Score: 6.2 (Medium)
CVSS v2 Score: 7.2 (High)

Vulnerability Description

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use, allowing a local user to crash the system or possibly escalate privileges.

CVSS:6.2(Medium)

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: Make sure to free skb when it is completely used With the skb pointer piggy-backed on the TX BD, we have a simple and...

CVSS:6.2(Medium)

In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blk_trace access after removing by sysfs There is a use-after-free problem triggered by following process: P1(...

CVSS:6.2(Medium)

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: =========...

CVSS:6.2(Medium)

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the io_work loop when we set rd_enabled to true, so we don't...

CVSS:6.2(Medium)

In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to...

CVSS:6.2(Medium)

An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial of service via the flvmeta/src/flv.c:375:21 function in flv_close.