National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:4.9.10
There are 1,387 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2019-15030

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.

Published: September 13, 2019; 09:15:11 AM -04:00
V3.1: 7.1 HIGH
    V2: 3.6 LOW
CVE-2019-16089

An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.

Published: September 06, 2019; 07:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15927

An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.

Published: September 04, 2019; 05:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15926

An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.

Published: September 04, 2019; 05:15:11 PM -04:00
V3.0: 9.1 CRITICAL
    V2: 9.4 HIGH
CVE-2019-15925

An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.

Published: September 04, 2019; 05:15:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2018-21008

An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.

Published: September 04, 2019; 05:15:10 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-18595

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.

Published: September 04, 2019; 05:15:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15924

An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15923

An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15922

An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15921

An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-15920

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15919

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15918

An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15917

An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.

Published: September 04, 2019; 03:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15916

An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.

Published: September 04, 2019; 11:15:11 AM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15902

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Published: September 04, 2019; 02:15:10 AM -04:00
V3.1: 5.6 MEDIUM
    V2: 4.7 MEDIUM
CVE-2019-15807

In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.

Published: August 29, 2019; 02:15:12 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15666

An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.

Published: August 27, 2019; 01:15:10 AM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15538

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

Published: August 25, 2019; 12:15:11 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH