Vulnerabilities > Linux > Linux Kernel > 4.11.10

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2018-15594 Information Exposure vulnerability in multiple products
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
local
low complexity
debian canonical linux CWE-200
2.1
2018-08-20 CVE-2018-15572 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
local
low complexity
debian canonical linux
2.1
2018-08-17 CVE-2018-15471 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products.
local
low complexity
xen linux canonical CWE-125
7.8
2018-08-10 CVE-2018-7754 Information Exposure Through Log Files vulnerability in Linux Kernel
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
local
low complexity
linux CWE-532
2.1
2018-08-07 CVE-2018-5995 Information Exposure vulnerability in Linux Kernel
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
local
low complexity
linux CWE-200
2.1
2018-08-07 CVE-2018-5953 Information Exposure vulnerability in multiple products
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.
local
low complexity
linux debian CWE-200
2.1
2018-08-06 CVE-2018-5390 Resource Exhaustion vulnerability in multiple products
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
7.5
2018-07-29 CVE-2018-14734 Use After Free vulnerability in Linux Kernel
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
local
low complexity
linux canonical debian CWE-416
6.1
2018-07-27 CVE-2018-14617 NULL Pointer Dereference vulnerability in Linux Kernel
An issue was discovered in the Linux kernel through 4.17.10.
7.1
2018-07-27 CVE-2018-14616 NULL Pointer Dereference vulnerability in Linux Kernel
An issue was discovered in the Linux kernel through 4.17.10.
network
linux CWE-476
7.1