Vulnerabilities > Linux > Linux Kernel > 4.18.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-03 | CVE-2018-16882 | Use After Free vulnerability in multiple products A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. | 8.8 |
| 2018-12-18 | CVE-2018-16884 | Use After Free vulnerability in multiple products A flaw was found in the Linux kernel's NFS41+ subsystem. | 8.0 |
| 2018-12-17 | CVE-2018-20169 | Resource Exhaustion vulnerability in multiple products An issue was discovered in the Linux kernel before 4.19.9. | 6.8 |
| 2018-12-12 | CVE-2018-18397 | Incorrect Authorization vulnerability in multiple products The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | 2.1 |
| 2018-12-04 | CVE-2018-19854 | Information Exposure vulnerability in Linux Kernel An issue was discovered in the Linux kernel before 4.19.3. | 1.9 |
| 2018-12-03 | CVE-2018-19824 | Use After Free vulnerability in Linux Kernel In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | 4.6 |
| 2018-11-21 | CVE-2018-19407 | NULL Pointer Dereference vulnerability in Linux Kernel The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. | 4.9 |
| 2018-11-21 | CVE-2018-19406 | NULL Pointer Dereference vulnerability in Linux Kernel kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. | 4.9 |
| 2018-11-16 | CVE-2018-18955 | Incorrect Authorization vulnerability in multiple products In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. | 4.4 |
| 2018-10-30 | CVE-2018-18281 | Incomplete Cleanup vulnerability in multiple products Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. | 4.6 |