U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*
  • CPE Name Search: true
There are 2,190 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2020-11565

** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”.

Published: April 05, 2020; 9:15:12 PM -0400
V3.1: 6.0 MEDIUM
V2.0: 3.6 LOW
CVE-2020-11494

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.

Published: April 02, 2020; 5:15:13 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2020-10942

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

Published: March 24, 2020; 6:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.4 MEDIUM
CVE-2020-9383

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

Published: February 25, 2020; 11:15:11 AM -0500
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2011-4915

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

Published: February 20, 2020; 1:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2011-2498

The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.

Published: February 19, 2020; 11:15:10 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2012-0055

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

Published: February 19, 2020; 1:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-8992

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

Published: February 14, 2020; 12:15:13 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2012-0810

The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.

Published: February 12, 2020; 9:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2020-8649

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

Published: February 05, 2020; 8:15:10 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 3.6 LOW
CVE-2020-8648

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

Published: February 05, 2020; 8:15:10 PM -0500
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2020-8647

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

Published: February 05, 2020; 8:15:10 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 3.6 LOW
CVE-2019-20422

In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.

Published: January 27, 2020; 12:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-20096

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

Published: December 30, 2019; 12:15:11 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2019-20095

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.

Published: December 30, 2019; 12:15:11 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2019-20054

In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.

Published: December 28, 2019; 12:15:11 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2019-19966

In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.

Published: December 24, 2019; 11:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 2.1 LOW
CVE-2019-19965

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

Published: December 24, 2019; 11:15:12 PM -0500
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2019-19947

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

Published: December 23, 2019; 7:15:10 PM -0500
V3.1: 4.6 MEDIUM
V2.0: 2.1 LOW
CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

Published: December 23, 2019; 2:15:11 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 3.3 LOW