Kernel
by Linux
Source repositories
CVEs (15,817)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18551 | Med | 0.00 | 6.7 | 0.00 | Aug 19, 2019 | An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. | ||
| CVE-2017-18550 | Med | 0.00 | 5.5 | 0.01 | Aug 19, 2019 | An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. | ||
| CVE-2017-18549 | Med | 0.00 | 5.5 | 0.01 | Aug 19, 2019 | An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure. | ||
| CVE-2019-15118 | Med | 0.00 | 5.5 | 0.01 | Aug 16, 2019 | check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | ||
| CVE-2019-15117 | Hig | 0.00 | 7.8 | 0.01 | Aug 16, 2019 | parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. | ||
| CVE-2019-15090 | Med | 0.00 | 6.7 | 0.00 | Aug 16, 2019 | An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. | ||
| CVE-2017-18509 | Hig | 0.00 | 7.8 | 0.01 | Aug 13, 2019 | An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain… | ||
| CVE-2019-14763 | Med | 0.00 | 5.5 | 0.00 | Aug 7, 2019 | In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. | ||
| CVE-2017-18379 | Cri | 0.00 | 9.8 | 0.03 | Jul 27, 2019 | In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. | ||
| CVE-2019-14284 | Med | 0.00 | 6.2 | 0.01 | Jul 26, 2019 | In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero.… | ||
| CVE-2019-14283 | Med | 0.00 | 6.8 | 0.01 | Jul 26, 2019 | In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU… | ||
| CVE-2018-20856 | Hig | 0.00 | 7.8 | 0.01 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | ||
| CVE-2018-20855 | Low | 0.00 | 3.3 | 0.00 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | ||
| CVE-2018-20854 | Hig | 0.00 | 7.8 | 0.00 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. | ||
| CVE-2019-10639 | Hig | 0.00 | 7.5 | 0.03 | Jul 5, 2019 | The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for… | ||
| CVE-2019-10638 | Med | 0.00 | 6.5 | 0.03 | Jul 5, 2019 | In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of… | ||
| CVE-2019-13233 | Hig | 0.00 | 7.0 | 0.00 | Jul 4, 2019 | In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. | ||
| CVE-2019-12984 | Med | 0.00 | 5.5 | 0.02 | Jun 26, 2019 | A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. | ||
| CVE-2019-12817 | Hig | 0.00 | 7.0 | 0.00 | Jun 25, 2019 | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | ||
| CVE-2019-12819 | Med | 0.00 | 5.5 | 0.01 | Jun 14, 2019 | An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service. |
- risk 0.00cvss 6.7epss 0.00
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.
- risk 0.00cvss 5.5epss 0.01
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
- risk 0.00cvss 5.5epss 0.01
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
- risk 0.00cvss 5.5epss 0.01
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
- risk 0.00cvss 7.8epss 0.01
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
- risk 0.00cvss 6.7epss 0.00
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.
- risk 0.00cvss 7.8epss 0.01
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain…
- risk 0.00cvss 5.5epss 0.00
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
- risk 0.00cvss 9.8epss 0.03
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
- risk 0.00cvss 6.2epss 0.01
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero.…
- risk 0.00cvss 6.8epss 0.01
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU…
- risk 0.00cvss 7.8epss 0.01
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
- risk 0.00cvss 3.3epss 0.00
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
- risk 0.00cvss 7.8epss 0.00
An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read.
- risk 0.00cvss 7.5epss 0.03
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for…
- risk 0.00cvss 6.5epss 0.03
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of…
- risk 0.00cvss 7.0epss 0.00
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
- risk 0.00cvss 5.5epss 0.02
A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.
- risk 0.00cvss 7.0epss 0.00
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.
- risk 0.00cvss 5.5epss 0.01
An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.
Page 730 of 791