USN-3848-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2017-18174 CVE-2018-12896 CVE-2018-18690 CVE-2018-18710 UBUNTU-CVE-2017-18174 UBUNTU-CVE-2018-12896

Published: 20 Dec 2018, 23:11

Last modified:22 Apr 2026, 09:51

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Dec 2018, 23:11

Published

Vulnerability first disclosed

22 Apr 2026, 09:51

Last Modified

Vulnerability information updated

Description

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18174) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710)

Affected Systems

ubuntu•linux
< 4.4.0-141.167
ubuntu•linux-aws
< 4.4.0-1074.84
ubuntu•linux-kvm
< 4.4.0-1039.45
ubuntu•linux-raspi2
< 4.4.0-1102.110
ubuntu•linux-snapdragon
< 4.4.0-1106.111

USN-3848-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)