Jan Kara

5 exploits Active since Mar 2013
CVE-2012-6548 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVE-2012-6549 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVE-2013-1848 WRITEUP WRITEUP
Linux Kernel < 3.8.3 - Improper Input Validation
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
CVE-2015-4167 WRITEUP WRITEUP
Debian Linux < 3.19 - Numeric Error
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
CVE-2017-7495 WRITEUP MEDIUM WRITEUP
Linux kernel <4.6.2 - Info Disclosure
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.
CVSS 5.5