CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel » 2.1.82 : Security Vulnerabilities

Cpe Name:cpe:/o:linux:linux_kernel:2.1.82
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-20961 415 DoS 2019-08-07 2019-08-27
10.0
None Remote Low Not required Complete Complete Complete
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
2 CVE-2019-11811 416 2019-05-07 2019-05-31
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.
3 CVE-2019-15292 416 2019-08-21 2019-09-02
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
4 CVE-2019-15926 125 2019-09-04 2019-09-14
9.4
None Remote Low Not required Complete None Complete
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
5 CVE-2018-20836 416 2019-05-07 2019-05-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
6 CVE-2019-11815 362 2019-05-08 2019-06-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
7 CVE-2009-4031 20 DoS 2009-11-29 2018-11-16
7.8
None Remote Low Not required None None Complete
The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.
8 CVE-2017-2634 119 Overflow Mem. Corr. 2018-07-27 2019-10-09
7.8
None Remote Low Not required None None Complete
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
9 CVE-2019-9003 416 Exec Code 2019-02-22 2019-05-16
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
10 CVE-2019-11477 190 DoS Overflow 2019-06-18 2019-06-20
7.8
None Remote Low Not required None None Complete
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
11 CVE-2019-11810 476 DoS 2019-05-07 2019-06-07
7.8
None Remote Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
12 CVE-2019-15666 125 DoS 2019-08-27 2019-09-14
7.8
None Remote Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.
13 CVE-2019-15807 399 DoS 2019-08-29 2019-09-14
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.
14 CVE-2019-15916 119 DoS Overflow 2019-09-04 2019-10-04
7.8
None Remote Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
15 CVE-2019-16994 772 DoS 2019-09-30 2019-10-04
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
16 CVE-2019-16995 772 DoS 2019-09-30 2019-10-04
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
17 CVE-2007-6762 119 Overflow 2019-07-27 2019-09-27
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array.
18 CVE-2010-5331 119 Overflow 2019-07-27 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem.
19 CVE-2010-5332 119 Overflow 2019-07-27 2019-09-25
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access.
20 CVE-2011-5327 119 Overflow Mem. Corr. 2019-07-27 2019-09-26
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.
21 CVE-2012-6712 119 Overflow Mem. Corr. 2019-07-27 2019-08-01
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.
22 CVE-2015-9289 119 Overflow 2019-07-27 2019-07-31
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.
23 CVE-2016-10764 119 Overflow 2019-07-27 2019-10-08
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.
24 CVE-2017-18174 415 2018-02-11 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
25 CVE-2017-18379 119 Overflow 2019-07-27 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
26 CVE-2018-20784 400 DoS 2019-02-22 2019-07-30
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
27 CVE-2009-2698 476 DoS +Priv 2009-08-27 2019-09-05
7.2
None Local Low Not required Complete Complete Complete
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
28 CVE-2017-7482 190 Mem. Corr. 2018-07-30 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
29 CVE-2017-15115 416 DoS 2017-11-15 2019-05-08
7.2
None Local Low Not required Complete Complete Complete
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
30 CVE-2017-15868 20 +Priv 2017-12-05 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
31 CVE-2017-16939 416 DoS +Priv 2017-11-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
32 CVE-2017-17805 20 DoS 2017-12-20 2018-10-31
7.2
None Local Low Not required Complete Complete Complete
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
33 CVE-2017-17806 787 Overflow 2017-12-20 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
34 CVE-2017-18075 763 DoS 2018-01-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
35 CVE-2017-18079 476 DoS 2018-01-29 2019-01-19
7.2
None Local Low Not required Complete Complete Complete
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
36 CVE-2017-18509 20 Exec Code 2019-08-13 2019-09-26
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
37 CVE-2017-18595 415 2019-09-04 2019-10-10
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
38 CVE-2017-1000363 787 Overflow 2017-07-17 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
39 CVE-2018-6555 416 DoS 2018-09-04 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.
40 CVE-2018-10675 416 DoS 2018-05-02 2019-04-16
7.2
None Local Low Not required Complete Complete Complete
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
41 CVE-2018-14619 20 2018-08-30 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.
42 CVE-2018-16276 20 2018-08-31 2019-01-15
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
43 CVE-2018-16882 416 +Priv 2019-01-03 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.
44 CVE-2018-20169 400 2018-12-17 2019-08-13
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
45 CVE-2019-8956 416 2019-04-01 2019-06-14
7.2
None Local Low Not required Complete Complete Complete
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.
46 CVE-2019-13272 264 2019-07-17 2019-07-25
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
47 CVE-2019-14814 120 DoS Exec Code Overflow 2019-09-20 2019-09-24
7.2
None Local Low Not required Complete Complete Complete
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
48 CVE-2019-14816 120 DoS Exec Code Overflow 2019-09-20 2019-09-24
7.2
None Local Low Not required Complete Complete Complete
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
49 CVE-2019-15917 416 2019-09-04 2019-09-24
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
50 CVE-2019-15918 125 2019-09-04 2019-10-04
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
Total number of vulnerabilities : 152   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.