Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:linux:linux_kernel:4.19.70:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-15220 |
An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15219 |
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15218 |
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15217 |
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15216 |
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15215 |
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15214 |
An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2019-15213 |
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15212 |
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15211 |
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. Published: August 19, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15118 |
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Published: August 16, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15117 |
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. Published: August 16, 2019; 10:15:09 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2019-15099 |
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Published: August 15, 2019; 10:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2019-15098 |
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Published: August 15, 2019; 10:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-15090 |
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. Published: August 15, 2019; 8:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16871 |
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Published: July 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-14284 |
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. Published: July 26, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 6.2 MEDIUM V2.0: 2.1 LOW |
CVE-2019-14283 |
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. Published: July 26, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-20854 |
An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. Published: July 26, 2019; 1:15:10 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2019-13648 |
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. Published: July 19, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |