National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): linux
There are 7,462 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Published: January 07, 2019; 12:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2019-3701

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.

Published: January 03, 2019; 11:29:00 AM -05:00
V3: 4.4 MEDIUM
V2: 4.9 MEDIUM
CVE-2018-16885

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.

Published: January 03, 2019; 11:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.

Published: January 03, 2019; 11:29:00 AM -05:00
V3: 8.8 HIGH
V2: 7.2 HIGH
CVE-2018-20131

The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.

Published: January 02, 2019; 08:29:00 PM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-20511

An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.

Published: December 27, 2018; 09:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.

Published: December 20, 2018; 06:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11988

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.

Published: December 20, 2018; 10:29:03 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11987

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.

Published: December 20, 2018; 10:29:03 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11986

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.

Published: December 20, 2018; 10:29:03 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11985

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11984

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11983

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11965

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11964

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11963

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11961

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11960

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-1000849

Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-9704

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free.

Published: December 20, 2018; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH