National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:5.2.3
There are 1,015 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2019-15031

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.

Published: September 13, 2019; 09:15:11 AM -04:00
V3.1: 7.1 HIGH
    V2: 3.6 LOW
CVE-2019-15030

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.

Published: September 13, 2019; 09:15:11 AM -04:00
V3.1: 4.4 MEDIUM
    V2: 3.6 LOW
CVE-2019-16089

An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.

Published: September 06, 2019; 07:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15902

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Published: September 04, 2019; 02:15:10 AM -04:00
V3.1: 5.6 MEDIUM
    V2: 4.7 MEDIUM
CVE-2019-15538

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

Published: August 25, 2019; 12:15:11 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15505

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

Published: August 23, 2019; 02:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-15504

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).

Published: August 23, 2019; 02:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-15291

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

Published: August 20, 2019; 10:15:11 AM -04:00
V3.0: 4.6 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15222

An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver.

Published: August 19, 2019; 06:15:11 PM -04:00
V3.0: 4.6 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15215

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

Published: August 19, 2019; 06:15:11 PM -04:00
V3.0: 4.6 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15211

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.

Published: August 19, 2019; 06:15:11 PM -04:00
V3.0: 4.6 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15118

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

Published: August 16, 2019; 10:15:10 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15117

parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.

Published: August 16, 2019; 10:15:09 AM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-15099

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

Published: August 15, 2019; 10:15:11 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15098

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

Published: August 15, 2019; 10:15:11 PM -04:00
V3.1: 4.6 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-3887

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

Published: April 09, 2019; 12:29:01 PM -04:00
V3.0: 5.6 MEDIUM
    V2: 4.7 MEDIUM
CVE-2018-16880

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.

Published: January 29, 2019; 11:29:00 AM -05:00
V3.0: 7.0 HIGH
    V2: 6.9 MEDIUM
CVE-2019-3819

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.

Published: January 25, 2019; 01:29:00 PM -05:00
V3.0: 4.4 MEDIUM
    V2: 4.9 MEDIUM
CVE-2018-1802

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640.

Published: November 08, 2018; 08:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2018-1799

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429.

Published: November 08, 2018; 08:29:00 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 3.6 LOW