Vulnerabilities > Redhat > MRG Realtime > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-26 CVE-2017-18344 Out-of-bounds Read vulnerability in multiple products
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read).
local
low complexity
linux canonical redhat CWE-125
5.5
2018-05-22 CVE-2018-3639 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
5.5