Vulnerabilities > Linux > Linux Kernel > 4.9.167

DATE CVE VULNERABILITY TITLE RISK
2018-09-21 CVE-2018-16597 Incorrect Authorization vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.8.
local
low complexity
linux netapp opensuse CWE-863
5.5
2018-09-07 CVE-2018-16658 Information Exposure vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.18.6.
local
low complexity
linux canonical debian CWE-200
6.1
2018-09-06 CVE-2018-5391 Improper Input Validation vulnerability in multiple products
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly.
7.5
2018-09-04 CVE-2018-6555 Use After Free vulnerability in multiple products
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.
local
low complexity
linux debian canonical CWE-416
7.8
2018-09-04 CVE-2018-6554 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
local
low complexity
linux debian canonical CWE-772
5.5
2018-08-20 CVE-2018-15594 Information Exposure vulnerability in multiple products
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
local
low complexity
debian canonical linux CWE-200
5.5
2018-08-20 CVE-2018-15572 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
local
low complexity
debian canonical linux
6.5
2018-08-10 CVE-2018-7754 Information Exposure Through Log Files vulnerability in Linux Kernel
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
local
low complexity
linux CWE-532
5.5
2018-08-07 CVE-2018-5995 Information Exposure vulnerability in Linux Kernel
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
local
low complexity
linux CWE-200
5.5
2018-08-07 CVE-2018-5953 Information Exposure vulnerability in multiple products
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.
local
low complexity
linux debian CWE-200
5.5