National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:3.10.8::~~~~arm64~
There are 1,875 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2019-19252

vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.

Published: November 25, 2019; 01:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-18675

The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.

Published: November 25, 2019; 09:15:12 AM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-10207

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.

Published: November 25, 2019; 09:15:11 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-14815

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

Published: November 25, 2019; 06:15:11 AM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-19227

In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.

Published: November 22, 2019; 09:15:11 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-19037

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.

Published: November 20, 2019; 10:15:10 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-19039

** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because ?1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.?

Published: November 20, 2019; 09:15:23 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 1.9 LOW
CVE-2019-19036

btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.

Published: November 20, 2019; 09:15:23 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-19083

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19082

Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19081

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19080

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19079

A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19078

A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19077

A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19076

A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19075

A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19074

A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19073

Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-19072

A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.

Published: November 18, 2019; 01:15:13 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH