CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-16234 476 2019-09-11 2019-09-12
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
2 CVE-2019-16233 476 2019-09-11 2019-09-12
7.8
None Remote Low Not required None None Complete
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
3 CVE-2019-16232 476 2019-09-11 2019-09-13
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
4 CVE-2019-16231 476 2019-09-11 2019-09-13
7.8
None Remote Low Not required None None Complete
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
5 CVE-2019-16230 476 2019-09-11 2019-09-13
7.8
None Remote Low Not required None None Complete
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
6 CVE-2019-16229 476 2019-09-11 2019-09-13
7.8
None Remote Low Not required None None Complete
drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
7 CVE-2019-16089 476 2019-09-06 2019-09-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.
8 CVE-2019-15927 125 2019-09-04 2019-09-05
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.
9 CVE-2019-15926 125 2019-09-04 2019-09-14
9.4
None Remote Low Not required Complete None Complete
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
10 CVE-2019-15925 125 2019-09-04 2019-09-05
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.
11 CVE-2019-15920 416 2019-09-04 2019-09-06
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.
12 CVE-2019-15919 416 2019-09-04 2019-09-04
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.
13 CVE-2019-15918 125 2019-09-04 2019-09-05
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
14 CVE-2019-15917 416 2019-09-04 2019-09-05
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
15 CVE-2019-15916 119 DoS Overflow 2019-09-04 2019-09-05
7.8
None Remote Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
16 CVE-2019-15902 119 Overflow 2019-09-04 2019-09-06
7.5
None Remote Low Not required Partial Partial Partial
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
17 CVE-2019-15807 399 DoS 2019-08-29 2019-09-14
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.
18 CVE-2019-15666 125 DoS 2019-08-27 2019-09-14
7.8
None Remote Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.
19 CVE-2019-15538 399 2019-08-25 2019-09-04
7.8
None Remote Low Not required None None Complete
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.
20 CVE-2019-15505 125 2019-08-23 2019-09-04
10.0
None Remote Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
21 CVE-2019-15504 415 2019-08-23 2019-09-04
10.0
None Remote Low Not required Complete Complete Complete
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
22 CVE-2019-15292 416 2019-08-21 2019-09-02
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
23 CVE-2019-15239 416 2019-08-20 2019-08-30
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.
24 CVE-2019-15099 476 2019-08-15 2019-09-05
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
25 CVE-2019-15098 476 2019-08-15 2019-09-05
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
26 CVE-2019-13272 264 2019-07-17 2019-07-25
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
27 CVE-2019-12615 476 DoS 2019-06-03 2019-07-10
7.8
None Remote Low Not required None None Complete
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
28 CVE-2019-12614 476 DoS 2019-06-03 2019-06-13
7.8
None Remote Low Not required None None Complete
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
29 CVE-2019-12456 20 DoS 2019-05-30 2019-06-20
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.
30 CVE-2019-12454 20 2019-05-30 2019-06-09
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors.
31 CVE-2019-11815 362 2019-05-08 2019-06-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
32 CVE-2019-11811 416 2019-05-07 2019-05-31
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.
33 CVE-2019-11810 476 DoS 2019-05-07 2019-06-07
7.8
None Remote Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
34 CVE-2019-11683 399 DoS Mem. Corr. 2019-05-02 2019-06-14
10.0
None Remote Low Not required Complete Complete Complete
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
35 CVE-2019-11487 416 Overflow 2019-04-23 2019-05-17
7.2
None Local Low Not required Complete Complete Complete
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
36 CVE-2019-11477 190 DoS Overflow 2019-06-18 2019-06-20
7.8
None Remote Low Not required None None Complete
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
37 CVE-2019-10126 119 Overflow Mem. Corr. 2019-06-14 2019-06-17
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
38 CVE-2019-10125 94 2019-03-27 2019-06-14
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
39 CVE-2019-9003 416 Exec Code 2019-02-22 2019-05-16
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
40 CVE-2019-8980 399 DoS 2019-02-21 2019-05-06
7.8
None Remote Low Not required None None Complete
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
41 CVE-2019-8956 416 2019-04-01 2019-06-14
7.2
None Local Low Not required Complete Complete Complete
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.
42 CVE-2019-8912 416 2019-02-18 2019-04-12
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
43 CVE-2019-3896 415 DoS 2019-06-18 2019-07-01
7.2
None Local Low Not required Complete Complete Complete
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
44 CVE-2019-3846 119 Overflow 2019-06-03 2019-06-09
8.3
None Local Network Low Not required Complete Complete Complete
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
45 CVE-2018-1000004 362 DoS 2018-01-16 2019-04-23
7.1
None Remote Medium Not required None None Complete
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
46 CVE-2018-20961 415 DoS 2019-08-07 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
47 CVE-2018-20836 416 2019-05-07 2019-05-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
48 CVE-2018-20784 400 DoS 2019-02-22 2019-07-30
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
49 CVE-2018-20669 20 DoS 2019-03-21 2019-06-14
7.2
None Local Low Not required Complete Complete Complete
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
50 CVE-2018-20169 400 2018-12-17 2019-08-13
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
Total number of vulnerabilities : 790   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.