VYPR

Vendor CVEs

Linux

All CVEs

15,975 total · sorted by risk
  • CVE-2020-11608MedApr 7, 2020
    risk 0.00cvss 4.3epss 0.01

    An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.

  • CVE-2020-11565MedApr 6, 2020
    risk 0.00cvss 6.0epss 0.01

    An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that…

  • CVE-2020-11494MedApr 2, 2020
    risk 0.00cvss 4.4epss 0.01

    An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks…

  • CVE-2020-8835HigApr 2, 2020
    risk 0.00cvss 7.8epss 0.06

    In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting…

  • CVE-2020-9391MedFeb 25, 2020
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka…

  • CVE-2020-9383HigFeb 25, 2020
    risk 0.00cvss 7.1epss 0.01

    An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

  • CVE-2020-8428HigJan 29, 2020
    risk 0.00cvss 7.1epss 0.01

    fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a…

  • CVE-2019-18282MedJan 16, 2020
    risk 0.00cvss 5.3epss 0.03

    The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of…

  • CVE-2020-7053HigJan 14, 2020
    risk 0.00cvss 7.8epss 0.01

    In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to…

  • CVE-2019-19927MedDec 31, 2019
    risk 0.00cvss 6.0epss 0.01

    In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related…

  • CVE-2019-20096MedDec 30, 2019
    risk 0.00cvss 5.5epss 0.01

    In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

  • CVE-2019-20095MedDec 30, 2019
    risk 0.00cvss 5.5epss 0.00

    mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.

  • CVE-2019-20054MedDec 28, 2019
    risk 0.00cvss 5.5epss 0.00

    In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.

  • CVE-2019-19966MedDec 25, 2019
    risk 0.00cvss 4.6epss 0.01

    In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.

  • CVE-2019-19965MedDec 25, 2019
    risk 0.00cvss 4.7epss 0.01

    In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

  • CVE-2019-19947MedDec 24, 2019
    risk 0.00cvss 4.6epss 0.00

    In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

  • CVE-2019-19922MedDec 22, 2019
    risk 0.00cvss 5.5epss 0.01

    kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1.…

  • CVE-2019-19815MedDec 17, 2019
    risk 0.00cvss 5.5epss 0.02

    In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.

  • CVE-2019-19807HigDec 15, 2019
    risk 0.00cvss 7.8epss 0.01

    In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer…

  • CVE-2019-19767MedDec 12, 2019
    risk 0.00cvss 5.5epss 0.02

    The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.

  • CVE-2019-19602MedDec 5, 2019
    risk 0.00cvss 6.1epss 0.01

    fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx…

  • CVE-2019-19543HigDec 3, 2019
    risk 0.00cvss 7.8epss 0.00

    In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.

  • CVE-2019-19537MedDec 3, 2019
    risk 0.00cvss 4.2epss 0.00

    In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.

  • CVE-2019-19536MedDec 3, 2019
    risk 0.00cvss 4.6epss 0.00

    In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

  • CVE-2019-19535MedDec 3, 2019
    risk 0.00cvss 4.6epss 0.01

    In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

  • CVE-2019-19534LowDec 3, 2019
    risk 0.00cvss 2.4epss 0.01

    In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

  • CVE-2019-19533LowDec 3, 2019
    risk 0.00cvss 2.4epss 0.00

    In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.

  • CVE-2019-19532MedDec 3, 2019
    risk 0.00cvss 6.8epss 0.01

    In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,…

  • CVE-2019-19531MedDec 3, 2019
    risk 0.00cvss 6.8epss 0.00

    In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.

  • CVE-2019-19530MedDec 3, 2019
    risk 0.00cvss 4.6epss 0.00

    In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.

  • CVE-2019-19529MedDec 3, 2019
    risk 0.00cvss 6.3epss 0.00

    In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.

  • CVE-2019-19528MedDec 3, 2019
    risk 0.00cvss 6.1epss 0.00

    In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

  • CVE-2019-19527MedDec 3, 2019
    risk 0.00cvss 6.8epss 0.00

    In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

  • CVE-2019-19526MedDec 3, 2019
    risk 0.00cvss 4.6epss 0.00

    In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

  • CVE-2019-19525MedDec 3, 2019
    risk 0.00cvss 4.6epss 0.00

    In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.

  • CVE-2019-19524MedDec 3, 2019
    risk 0.00cvss 4.6epss 0.01

    In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

  • CVE-2019-19523MedDec 3, 2019
    risk 0.00cvss 4.6epss 0.00

    In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.

  • CVE-2019-19319MedNov 27, 2019
    risk 0.00cvss 6.5epss 0.01

    In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka…

  • CVE-2019-18660MedNov 27, 2019
    risk 0.00cvss 4.7epss 0.01

    The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

  • CVE-2019-19252HigNov 25, 2019
    risk 0.00cvss 7.8epss 0.00

    vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.

  • CVE-2019-18675HigNov 25, 2019
    risk 0.00cvss 7.8epss 0.01

    The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel…

  • CVE-2019-14815HigNov 25, 2019
    risk 0.00cvss 7.8epss 0.00

    A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

  • CVE-2019-19227MedNov 22, 2019
    risk 0.00cvss 5.5epss 0.01

    In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client,…

  • CVE-2019-19083MedNov 18, 2019
    risk 0.00cvss 4.7epss 0.01

    Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in…

  • CVE-2019-19082MedNov 18, 2019
    risk 0.00cvss 4.7epss 0.00

    Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in…

  • CVE-2019-19075HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.04

    A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

  • CVE-2019-19063MedNov 18, 2019
    risk 0.00cvss 4.6epss 0.01

    Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

  • CVE-2019-19062MedNov 18, 2019
    risk 0.00cvss 4.7epss 0.01

    A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

  • CVE-2019-19061HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.03

    A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.

  • CVE-2019-19060HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.04

    A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.

Page 293 of 320