CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-1763 20 3 +Priv 2013-02-28 2014-05-16
7.2
None Local Low Not required Complete Complete Complete
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
2 CVE-2009-2692 119 2 Overflow +Priv 2009-08-14 2018-10-10
7.2
Admin Local Low Not required Complete Complete Complete
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
3 CVE-2015-1328 264 1 2016-11-27 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
4 CVE-2014-9322 264 1 +Priv 2014-12-17 2017-11-09
7.2
User Local Low Not required Complete Complete Complete
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
5 CVE-2014-3631 1 DoS 2014-09-28 2015-03-17
7.2
None Local Low Not required Complete Complete Complete
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
6 CVE-2014-3153 264 1 +Priv 2014-06-07 2019-04-22
7.2
None Local Low Not required Complete Complete Complete
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
7 CVE-2013-2094 189 1 +Priv 2013-05-14 2017-01-06
7.2
None Local Low Not required Complete Complete Complete
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
8 CVE-2019-11815 362 2019-05-08 2019-05-20
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
9 CVE-2019-11811 416 2019-05-07 2019-05-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.
10 CVE-2019-11810 476 DoS 2019-05-07 2019-05-10
7.8
None Remote Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
11 CVE-2019-11683 399 DoS Mem. Corr. 2019-05-02 2019-05-17
10.0
None Remote Low Not required Complete Complete Complete
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
12 CVE-2019-11487 416 Overflow 2019-04-23 2019-05-17
7.2
None Local Low Not required Complete Complete Complete
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
13 CVE-2019-10125 94 2019-03-27 2019-04-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
14 CVE-2019-9003 416 Exec Code 2019-02-22 2019-05-16
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
15 CVE-2019-8980 399 DoS 2019-02-21 2019-05-06
7.8
None Remote Low Not required None None Complete
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
16 CVE-2019-8956 416 2019-04-01 2019-04-03
7.2
None Local Low Not required Complete Complete Complete
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.
17 CVE-2019-8912 416 2019-02-18 2019-04-12
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
18 CVE-2018-1000004 362 DoS 2018-01-16 2019-04-23
7.1
None Remote Medium Not required None None Complete
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
19 CVE-2018-20836 416 2019-05-07 2019-05-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
20 CVE-2018-20669 20 DoS 2019-03-21 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
21 CVE-2018-20169 400 2018-12-17 2019-05-06
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
22 CVE-2018-18445 125 2018-10-17 2019-04-08
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
23 CVE-2018-17182 416 Overflow +Priv 2018-09-19 2019-01-10
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
24 CVE-2018-16882 416 +Priv 2019-01-03 2019-04-23
7.2
None Local Low Not required Complete Complete Complete
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.
25 CVE-2018-16276 20 2018-08-31 2019-01-15
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
26 CVE-2018-14678 264 DoS +Priv 2018-07-28 2019-04-02
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.
27 CVE-2018-14641 20 2018-09-18 2018-11-27
7.1
None Remote Medium Not required None None Complete
A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.
28 CVE-2018-14634 190 Overflow 2018-09-25 2018-11-27
7.2
None Local Low Not required Complete Complete Complete
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
29 CVE-2018-14633 119 Overflow 2018-09-24 2018-11-27
8.3
None Remote Medium Not required Partial Partial Complete
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
30 CVE-2018-14619 20 2018-08-30 2018-10-31
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.
31 CVE-2018-14617 476 2018-07-27 2019-03-28
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
32 CVE-2018-14616 476 2018-07-27 2019-04-02
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
33 CVE-2018-14615 119 Overflow 2018-07-27 2018-09-19
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.
34 CVE-2018-14614 476 2018-07-27 2019-04-02
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
35 CVE-2018-14613 476 2018-07-27 2019-04-02
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.
36 CVE-2018-14612 476 2018-07-27 2019-04-02
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c.
37 CVE-2018-14611 416 2018-07-27 2019-04-02
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.
38 CVE-2018-14610 125 2018-07-27 2019-04-02
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.
39 CVE-2018-14609 476 2018-07-27 2019-03-28
7.1
None Remote Medium Not required None None Complete
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.
40 CVE-2018-13406 190 Overflow 2018-07-06 2018-08-29
7.2
None Local Low Not required Complete Complete Complete
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
41 CVE-2018-12931 787 DoS 2018-06-28 2018-08-21
7.2
None Local Low Not required Complete Complete Complete
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.
42 CVE-2018-12930 787 DoS 2018-06-28 2018-08-21
7.2
None Local Low Not required Complete Complete Complete
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.
43 CVE-2018-12714 787 DoS 2018-06-24 2018-08-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.
44 CVE-2018-12232 362 2018-06-12 2018-10-31
7.1
None Remote Medium Not required None None Complete
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
45 CVE-2018-11506 119 DoS Overflow 2018-05-28 2018-10-31
7.2
None Local Low Not required Complete Complete Complete
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.
46 CVE-2018-10938 399 2018-08-27 2018-11-06
7.1
None Remote Medium Not required None None Complete
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.
47 CVE-2018-10901 264 2018-07-26 2019-04-23
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.
48 CVE-2018-10880 787 DoS 2018-07-25 2019-04-01
7.1
None Remote Medium Not required None None Complete
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
49 CVE-2018-10840 119 Overflow 2018-07-16 2018-12-07
7.2
None Local Low Not required Complete Complete Complete
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
50 CVE-2018-10675 416 DoS 2018-05-02 2019-04-16
7.2
None Local Low Not required Complete Complete Complete
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
Total number of vulnerabilities : 750   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.