Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-12378 |
An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue Published: May 27, 2019; 11:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2018-7191 |
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. Published: May 17, 2019; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-11833 |
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. Published: May 15, 2019; 9:29:00 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-11884 |
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. Published: May 10, 2019; 6:29:00 PM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2019-11810 |
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. Published: May 07, 2019; 10:29:00 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2018-20836 |
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. Published: May 07, 2019; 10:29:00 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2019-11599 |
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. Published: April 29, 2019; 2:29:00 PM -0400 |
V4.0:(not available) V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2019-3900 |
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Published: April 25, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.1: 7.7 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-11487 |
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. Published: April 23, 2019; 6:29:05 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-11486 |
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. Published: April 23, 2019; 6:29:05 PM -0400 |
V4.0:(not available) V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2013-7470 |
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. Published: April 22, 2019; 11:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 7.1 HIGH |
CVE-2019-3901 |
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. Published: April 22, 2019; 12:29:01 PM -0400 |
V4.0:(not available) V3.1: 4.7 MEDIUM V2.0: 1.9 LOW |
CVE-2019-11191 |
The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported Published: April 11, 2019; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
CVE-2019-11190 |
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. Published: April 11, 2019; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.7 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2019-3460 |
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Published: April 11, 2019; 12:29:02 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2019-3459 |
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Published: April 11, 2019; 12:29:02 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2019-9857 |
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service. Published: March 21, 2019; 12:01:17 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-7222 |
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Published: March 21, 2019; 12:01:11 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-7221 |
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Published: March 21, 2019; 12:01:10 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-19985 |
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. Published: March 21, 2019; 12:00:33 PM -0400 |
V4.0:(not available) V3.0: 4.6 MEDIUM V2.0: 2.1 LOW |