CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-17056 276 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
2 CVE-2019-17055 20 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
3 CVE-2019-17054 276 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.
4 CVE-2019-17053 276 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
5 CVE-2019-17052 276 2019-10-01 2019-10-08
2.1
None Local Low Not required None Partial None
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
6 CVE-2019-14284 369 DoS 2019-07-26 2019-08-11
2.1
None Local Low Not required None None Partial
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.
7 CVE-2019-12819 416 DoS 2019-06-13 2019-06-18
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.
8 CVE-2019-12380 388 2019-05-27 2019-10-10
2.1
None Local Low Not required None None Partial
**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because ?All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.?.
9 CVE-2019-11884 77 +Info 2019-05-10 2019-05-31
2.1
None Local Low Not required Partial None None
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
10 CVE-2019-11833 200 +Info 2019-05-15 2019-06-04
2.1
None Local Low Not required Partial None None
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
11 CVE-2019-7222 200 +Info 2019-03-21 2019-08-06
2.1
None Local Low Not required Partial None None
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
12 CVE-2019-5489 200 +Info 2019-01-07 2019-05-31
2.1
None Local Low Not required Partial None None
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
13 CVE-2018-20855 119 Overflow 2019-07-26 2019-08-16
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
14 CVE-2018-20511 200 +Info 2018-12-27 2019-04-01
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
15 CVE-2018-20510 200 +Info 2019-04-30 2019-05-03
2.1
None Local Low Not required Partial None None
The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file.
16 CVE-2018-20509 200 +Info 2019-04-30 2019-05-17
2.1
None Local Low Not required Partial None None
The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file.
17 CVE-2018-20449 200 +Info 2019-04-04 2019-05-02
2.1
None Local Low Not required Partial None None
The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.
18 CVE-2018-19985 125 2019-03-21 2019-09-02
2.1
None Local Low Not required Partial None None
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
19 CVE-2018-18710 200 +Info 2018-10-29 2019-04-03
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.
20 CVE-2018-18397 2018-12-12 2019-10-02
2.1
None Local Low Not required None Partial None
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
21 CVE-2018-18386 704 2018-10-17 2019-04-23
2.1
None Local Low Not required None None Partial
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
22 CVE-2018-16862 200 +Info 2018-11-26 2019-04-01
2.1
None Local Low Not required Partial None None
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
23 CVE-2018-15594 200 +Info 2018-08-20 2019-10-02
2.1
None Local Low Not required Partial None None
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
24 CVE-2018-15572 2018-08-19 2019-10-02
2.1
None Local Low Not required Partial None None
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
25 CVE-2018-14656 20 2018-10-08 2019-10-09
2.1
None Local Low Not required Partial None None
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.
26 CVE-2018-13053 190 Overflow 2018-07-02 2019-04-23
2.1
None Local Low Not required None None Partial
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
27 CVE-2018-12896 190 DoS Overflow 2018-07-02 2019-04-03
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.
28 CVE-2018-11508 200 +Info 2018-05-28 2019-01-22
2.1
None Local Low Not required Partial None None
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
29 CVE-2018-10124 119 DoS Overflow 2018-04-16 2018-08-24
2.1
None Local Low Not required None None Partial
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
30 CVE-2018-10087 20 DoS 2018-04-13 2018-08-24
2.1
None Local Low Not required None None Partial
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
31 CVE-2018-8043 476 DoS 2018-03-10 2018-05-09
2.1
None Local Low Not required None None Partial
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
32 CVE-2018-7757 772 DoS 2018-03-08 2019-10-02
2.1
None Local Low Not required None None Partial
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
33 CVE-2018-7755 200 Bypass +Info 2018-03-08 2018-10-04
2.1
None Local Low Not required Partial None None
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
34 CVE-2018-7754 534 +Info 2018-08-10 2018-10-10
2.1
None Local Low Not required Partial None None
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
35 CVE-2018-6559 200 +Info 2018-10-26 2019-10-09
2.1
None Local Low Not required Partial None None
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
36 CVE-2018-5995 200 +Info 2018-08-07 2019-05-28
2.1
None Local Low Not required Partial None None
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
37 CVE-2018-5953 200 +Info 2018-08-07 2019-04-01
2.1
None Local Low Not required Partial None None
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.
38 CVE-2018-5750 200 +Info 2018-01-26 2018-10-31
2.1
None Local Low Not required Partial None None
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
39 CVE-2018-1118 200 +Info 2018-05-10 2019-10-09
2.1
None Local Low Not required Partial None None
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
40 CVE-2017-1000380 200 +Info 2017-06-17 2017-12-05
2.1
None Local Low Not required Partial None None
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
41 CVE-2017-1000252 20 DoS 2017-09-26 2019-10-02
2.1
None Local Low Not required None None Partial
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
42 CVE-2017-18550 200 +Info 2019-08-18 2019-08-23
2.1
None Local Low Not required Partial None None
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
43 CVE-2017-18549 200 +Info 2019-08-18 2019-08-23
2.1
None Local Low Not required Partial None None
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
44 CVE-2017-18344 125 2018-07-26 2019-03-28
2.1
None Local Low Not required Partial None None
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
45 CVE-2017-18232 DoS 2018-03-15 2019-10-02
2.1
None Local Low Not required None None Partial
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
46 CVE-2017-18216 476 DoS 2018-03-05 2018-10-30
2.1
None Local Low Not required None None Partial
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
47 CVE-2017-18204 DoS 2018-02-27 2019-10-02
2.1
None Local Low Not required None None Partial
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
48 CVE-2017-17864 200 +Info 2017-12-27 2018-01-12
2.1
None Local Low Not required Partial None None
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
49 CVE-2017-17807 862 2017-12-20 2019-10-02
2.1
None Local Low Not required None Partial None
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
50 CVE-2017-17741 125 +Info 2017-12-18 2018-04-24
2.1
None Local Low Not required Partial None None
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
Total number of vulnerabilities : 346   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.