Vulnerabilities > Linux > Linux Kernel > 4.14.95
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-02 | CVE-2018-13053 | Integer Overflow or Wraparound vulnerability in Linux Kernel The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | 2.1 |
| 2018-06-27 | CVE-2018-12904 | Unspecified vulnerability in Linux Kernel In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. | 4.4 |
| 2018-06-26 | CVE-2018-1000204 | Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. | 5.3 |
| 2018-06-22 | CVE-2018-12633 | Race Condition vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 4.17.2. | 6.3 |
| 2018-06-21 | CVE-2016-10723 | Resource Management Errors vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 4.17.2. | 5.5 |
| 2018-06-20 | CVE-2018-1120 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel A flaw was found affecting the Linux kernel before version 4.17. | 3.5 |
| 2018-06-12 | CVE-2018-12232 | Race Condition vulnerability in Linux Kernel In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. | 7.1 |
| 2018-05-28 | CVE-2018-11508 | Information Exposure vulnerability in Linux Kernel The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | 2.1 |
| 2018-05-24 | CVE-2018-11412 | Use After Free vulnerability in multiple products In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. | 4.3 |
| 2018-05-10 | CVE-2018-1118 | Improper Initialization vulnerability in multiple products Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. | 5.5 |