USN-3847-1

Advisory lineage Upstream: 14 Downstream: 0
Published: 20 Dec 2018, 22:39
Last modified:22 Apr 2026, 09:52

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

20 Dec 2018, 22:39
Published
Vulnerability first disclosed
22 Apr 2026, 09:52
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710)

Affected Systems

  • ubuntulinux

    < 4.15.0-43.46

  • ubuntulinux-aws

    < 4.15.0-1031.33

  • ubuntulinux-azure

    < 4.15.0-1036.38

  • ubuntulinux-gcp

    < 4.15.0-1026.27

  • ubuntulinux-kvm

    < 4.15.0-1028.28

  • ubuntulinux-oem

    < 4.15.0-1030.35

  • ubuntulinux-raspi2

    < 4.15.0-1030.32

References (8)