VYPR

Kernel

by Linux

Source repositories

CVEs (15,817)

  • CVE-2017-18551MedAug 19, 2019
    risk 0.00cvss 6.7epss 0.00

    An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.

  • CVE-2017-18550MedAug 19, 2019
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.

  • CVE-2017-18549MedAug 19, 2019
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.

  • CVE-2019-15118MedAug 16, 2019
    risk 0.00cvss 5.5epss 0.01

    check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

  • CVE-2019-15117HigAug 16, 2019
    risk 0.00cvss 7.8epss 0.01

    parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.

  • CVE-2019-15090MedAug 16, 2019
    risk 0.00cvss 6.7epss 0.00

    An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.

  • CVE-2017-18509HigAug 13, 2019
    risk 0.00cvss 7.8epss 0.01

    An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain…

  • CVE-2019-14763MedAug 7, 2019
    risk 0.00cvss 5.5epss 0.00

    In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.

  • CVE-2017-18379CriJul 27, 2019
    risk 0.00cvss 9.8epss 0.03

    In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.

  • CVE-2019-14284MedJul 26, 2019
    risk 0.00cvss 6.2epss 0.01

    In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero.…

  • CVE-2019-14283MedJul 26, 2019
    risk 0.00cvss 6.8epss 0.01

    In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU…

  • CVE-2018-20856HigJul 26, 2019
    risk 0.00cvss 7.8epss 0.01

    An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.

  • CVE-2018-20855LowJul 26, 2019
    risk 0.00cvss 3.3epss 0.00

    An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

  • CVE-2018-20854HigJul 26, 2019
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read.

  • CVE-2019-10639HigJul 5, 2019
    risk 0.00cvss 7.5epss 0.03

    The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for…

  • CVE-2019-10638MedJul 5, 2019
    risk 0.00cvss 6.5epss 0.03

    In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of…

  • CVE-2019-13233HigJul 4, 2019
    risk 0.00cvss 7.0epss 0.00

    In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.

  • CVE-2019-12984MedJun 26, 2019
    risk 0.00cvss 5.5epss 0.02

    A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.

  • CVE-2019-12817HigJun 25, 2019
    risk 0.00cvss 7.0epss 0.00

    arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.

  • CVE-2019-12819MedJun 14, 2019
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.

Page 730 of 791