4.14.73

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-17	CVE-2018-18445	Out-of-bounds Read vulnerability in multiple products In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. local low complexity linux canonical redhat CWE-125	7.8
2018-10-07	CVE-2018-18021	Improper Input Validation vulnerability in multiple products arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. local low complexity linux debian canonical CWE-20	7.1
2018-10-03	CVE-2018-17972	Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. local low complexity linux canonical redhat debian CWE-362	5.5
2018-09-21	CVE-2018-16597	Incorrect Authorization vulnerability in multiple products An issue was discovered in the Linux kernel before 4.8. local low complexity linux netapp opensuse CWE-863	5.5
2018-09-07	CVE-2018-16658	Information Exposure vulnerability in multiple products An issue was discovered in the Linux kernel before 4.18.6. local low complexity linux canonical debian CWE-200	6.1
2018-09-06	CVE-2018-5391	Improper Input Validation vulnerability in multiple products The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. network low complexity linux redhat debian canonical microsoft f5 siemens CWE-20	7.5
2018-09-04	CVE-2018-6555	Use After Free vulnerability in multiple products The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. local low complexity linux debian canonical CWE-416	7.8
2018-09-04	CVE-2018-6554	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. local low complexity linux debian canonical CWE-772	5.5
2018-08-20	CVE-2018-15594	Information Exposure vulnerability in multiple products arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. local low complexity debian canonical linux CWE-200	5.5
2018-08-20	CVE-2018-15572	The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. local low complexity debian canonical linux	6.5