How severe is CVE-2018-18955?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2018-18955?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2018-18955

HIGH Year: 2018

CVSS v3 Score

7.0

High

CVSS v2 Score

4.4

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

CVE-2019-3827

HIGH

CVSS:7.0(High)

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authen...

CWE-8632019

CVE-2021-20188

HIGH

CVSS:7.0(High)

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the co...

CWE-8632021

CVE-2023-27899

HIGH

CVSS:7.0(High)

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installa...

CWE-8632023

CVE-2025-26330

HIGH

CVSS:7.0(High)

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability ...

CWE-8632025

CVE-2016-6591

HIGH

CVSS:7.1(High)

A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.

CWE-8632016

CVE-2017-15091

HIGH

CVSS:7.1(High)

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the s...

CWE-8632017

CVE-2018-18955

Vulnerability Description

Related Vulnerabilities

CVE-2019-3827

CVE-2021-20188

CVE-2023-27899

CVE-2025-26330

CVE-2016-6591

CVE-2017-15091