Vulnerabilities (CVE)

2239 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-6974 2 Linux, Debian 2 Linux Kernel, Debian Linux 2019-04-19 6.8
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2018-1066 3 Linux, Canonical, Debian 3 Linux Kernel, Ubuntu Linux, Debian Linux 2019-04-19 7.1
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty...
CVE-2019-11191 1 Linux 1 Linux Kernel 2019-04-18 4.7
The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in...
CVE-2016-10741 2 Linux, Debian 2 Linux Kernel, Debian Linux 2019-04-18 4.7
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead...
CVE-2019-7308 3 Linux, Canonical, Opensuse 3 Linux Kernel, Ubuntu Linux, Leap 2019-04-18 4.7
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to...
CVE-2017-18360 2 Linux, Canonical 2 Linux Kernel, Ubuntu Linux 2019-04-17 4.9
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
CVE-2018-1000204 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2019-04-16 6.3
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been...
CVE-2017-8925 2 Linux, Debian 2 Linux Kernel, Debian Linux 2019-04-16 2.1
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVE-2017-8924 2 Linux, Debian 2 Linux Kernel, Debian Linux 2019-04-16 2.1
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB...
CVE-2018-1068 4 Linux, Redhat, Canonical and 1 more 10 Linux Kernel, Virtualization Host, Ubuntu Linux and 7 more 2019-04-16 7.2
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2018-10675 3 Linux, Redhat, Canonical 9 Linux Kernel, Virtualization Host, Ubuntu Linux and 6 more 2019-04-16 7.2
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2018-18955 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2019-04-16 4.4
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an...
CVE-2018-16880 2 Linux, Canonical 2 Linux Kernel, Ubuntu Linux 2019-04-16 6.9
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel...
CVE-2019-11190 1 Linux 1 Linux Kernel 2019-04-15 4.7
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race...
CVE-2019-3887 1 Linux 1 Linux Kernel 2019-04-15 4.7
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is...
CVE-2019-3701 2 Linux, Debian 2 Linux Kernel, Debian Linux 2019-04-12 7.1
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN...
CVE-2019-3837 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-04-12 4.9
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on...
CVE-2019-9213 2 Linux, Debian 2 Linux Kernel, Debian Linux 2019-04-12 4.9
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability...
CVE-2019-8980 1 Linux 1 Linux Kernel 2019-04-12 7.8
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8912 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2019-04-12 7.2
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.