National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.4.29
There are 2,513 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)

Published: December 22, 2019; 03:15:10 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-19241

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.

Published: December 17, 2019; 03:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-19807

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.

Published: December 15, 2019; 06:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-19770

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file).

Published: December 12, 2019; 03:15:17 PM -05:00
V3.1: 8.2 HIGH
    V2: 6.4 MEDIUM
CVE-2019-19769

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

Published: December 12, 2019; 03:15:17 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-19767

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.

Published: December 12, 2019; 03:15:17 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-19602

fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.

Published: December 05, 2019; 09:15:09 AM -05:00
V3.1: 7.8 HIGH
    V2: 6.9 MEDIUM
CVE-2019-19543

In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.

Published: December 03, 2019; 04:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-19537

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 4.2 MEDIUM
    V2: 4.7 MEDIUM
CVE-2019-19536

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 4.6 MEDIUM
    V2: 2.1 LOW
CVE-2019-19535

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 4.6 MEDIUM
    V2: 2.1 LOW
CVE-2019-19534

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 2.4 LOW
    V2: 2.1 LOW
CVE-2019-19533

In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 2.4 LOW
    V2: 2.1 LOW
CVE-2019-19532

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 6.8 MEDIUM
    V2: 4.6 MEDIUM
CVE-2019-19531

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 6.8 MEDIUM
    V2: 4.6 MEDIUM
CVE-2019-19530

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 4.6 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-19529

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 6.6 MEDIUM
    V2: 7.2 HIGH
CVE-2019-19528

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

Published: December 03, 2019; 11:15:13 AM -05:00
V3.1: 4.6 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

Published: December 03, 2019; 11:15:12 AM -05:00
V3.1: 6.8 MEDIUM
    V2: 7.2 HIGH
CVE-2019-19526

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

Published: December 03, 2019; 11:15:12 AM -05:00
V3.1: 4.6 MEDIUM
    V2: 4.9 MEDIUM