Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-14835 | 7.2 | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript | 15-12-2023 - 15:29 | 17-09-2019 - 16:15 |
CVE-2019-11479 | 5.0 | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial | 16-08-2023 - 14:17 | 19-06-2019 - 00:15 |
CVE-2019-11811 | 6.9 | An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and | 11-08-2023 - 19:54 | 07-05-2019 - 14:29 |
CVE-2017-7533 | 6.9 | Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_han | 21-06-2023 - 15:57 | 05-08-2017 - 16:29 |
CVE-2018-18559 | 6.8 | In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a ra | 16-05-2023 - 11:14 | 22-10-2018 - 16:29 |
CVE-2020-25643 | 7.5 | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial | 16-05-2023 - 10:48 | 06-10-2020 - 14:15 |
CVE-2018-8781 | 7.2 | The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissi | 03-03-2023 - 19:22 | 23-04-2018 - 19:29 |
CVE-2018-9568 | 7.2 | In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi | 24-02-2023 - 18:43 | 06-12-2018 - 14:29 |
CVE-2017-2636 | 6.9 | Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | 24-02-2023 - 18:43 | 07-03-2017 - 22:59 |
CVE-2017-7308 | 7.2 | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or | 14-02-2023 - 18:32 | 29-03-2017 - 20:59 |
CVE-2018-14634 | 7.2 | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6 | 13-02-2023 - 04:51 | 25-09-2018 - 21:29 |
CVE-2015-7872 | 2.1 | The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | 13-02-2023 - 00:55 | 16-11-2015 - 11:59 |
CVE-2020-14331 | 7.2 | A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local us | 12-02-2023 - 23:40 | 15-09-2020 - 19:15 |
CVE-2017-7558 | 5.0 | A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in | 12-02-2023 - 23:31 | 26-07-2018 - 15:29 |
CVE-2017-7472 | 4.9 | The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. | 12-02-2023 - 23:30 | 11-05-2017 - 19:29 |
CVE-2016-4470 | 4.9 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a craft | 12-02-2023 - 23:21 | 27-06-2016 - 10:59 |
CVE-2016-0758 | 7.2 | Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. | 12-02-2023 - 23:16 | 27-06-2016 - 10:59 |
CVE-2017-6074 | 7.2 | The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double | 10-02-2023 - 00:53 | 18-02-2017 - 21:59 |
CVE-2017-7895 | 10.0 | The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted reque | 19-01-2023 - 16:13 | 28-04-2017 - 10:59 |
CVE-2016-9555 | 10.0 | The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified | 19-01-2023 - 16:13 | 28-11-2016 - 03:59 |
CVE-2019-9500 | 7.9 | The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an h | 19-01-2023 - 15:53 | 16-01-2020 - 21:15 |
CVE-2017-1000251 | 7.7 | The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remot | 19-01-2023 - 15:53 | 12-09-2017 - 17:29 |
CVE-2016-4565 | 7.2 | The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI int | 17-01-2023 - 21:40 | 23-05-2016 - 10:59 |
CVE-2016-8666 | 7.8 | The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrat | 17-01-2023 - 21:36 | 16-10-2016 - 21:59 |
CVE-2020-12888 | 4.7 | The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | 14-11-2022 - 19:44 | 15-05-2020 - 18:15 |
CVE-2019-17133 | 7.5 | In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. | 03-11-2022 - 02:41 | 04-10-2019 - 12:15 |
CVE-2020-9383 | 3.6 | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. | 29-10-2022 - 02:34 | 25-02-2020 - 16:15 |
CVE-2019-9456 | 4.6 | In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation | 14-10-2022 - 01:39 | 06-09-2019 - 22:15 |
CVE-2019-11135 | 2.1 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 07-10-2022 - 15:03 | 14-11-2019 - 19:15 |
CVE-2020-12352 | 3.3 | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 12-08-2022 - 18:28 | 23-11-2020 - 17:15 |
CVE-2019-0155 | 7.2 | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G390 | 22-04-2022 - 19:57 | 14-11-2019 - 19:15 |
CVE-2020-10711 | 4.3 | A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the | 22-04-2022 - 18:53 | 22-05-2020 - 15:15 |
CVE-2019-9503 | 7.9 | The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will c | 18-04-2022 - 18:09 | 16-01-2020 - 21:15 |
CVE-2016-5696 | 5.8 | net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. | 17-11-2021 - 22:15 | 06-08-2016 - 20:59 |
CVE-2019-9506 | 4.8 | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") tha | 04-11-2021 - 15:58 | 14-08-2019 - 17:15 |
CVE-2018-3639 | 2.1 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi | 13-08-2021 - 15:26 | 22-05-2018 - 12:29 |
CVE-2018-3665 | 4.7 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | 09-06-2021 - 16:24 | 21-06-2018 - 20:29 |
CVE-2019-7221 | 4.6 | The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | 15-10-2020 - 13:28 | 21-03-2019 - 16:01 |
CVE-2020-14331 | 7.2 | A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local us | 28-09-2020 - 16:15 | 15-09-2020 - 19:15 |
CVE-2020-12888 | 4.7 | The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | 28-09-2020 - 16:15 | 15-05-2020 - 18:15 |
CVE-2018-7566 | 4.6 | The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | 24-08-2020 - 17:37 | 30-03-2018 - 21:29 |
CVE-2019-11091 | 4.7 | Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 24-08-2020 - 17:37 | 30-05-2019 - 16:29 |
CVE-2019-15239 | 7.2 | In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue tha | 18-08-2020 - 15:05 | 20-08-2019 - 08:15 |
CVE-2019-19338 | 2.1 | A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a hos | 21-07-2020 - 17:17 | 13-07-2020 - 17:15 |
CVE-2020-12654 | 4.3 | An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. | 16-06-2020 - 20:15 | 05-05-2020 - 05:15 |
CVE-2016-6198 | 4.9 | The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related t | 27-12-2019 - 16:08 | 06-08-2016 - 20:59 |
CVE-2018-14646 | 4.9 | The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assi | 09-10-2019 - 23:35 | 26-11-2018 - 19:29 |
CVE-2017-7518 | 4.6 | A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/pr | 09-10-2019 - 23:29 | 30-07-2018 - 15:29 |
CVE-2018-8897 | 7.2 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that | 03-10-2019 - 00:03 | 08-05-2018 - 18:29 |
CVE-2017-13167 | 7.2 | An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993. | 03-10-2019 - 00:03 | 06-12-2017 - 14:29 |
CVE-2018-6927 | 4.6 | The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. | 06-03-2019 - 21:38 | 12-02-2018 - 19:29 |
CVE-2017-9242 | 4.9 | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via craft | 05-01-2018 - 02:31 | 27-05-2017 - 01:29 |
CVE-2016-9084 | 4.6 | drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device fil | 05-01-2018 - 02:31 | 28-11-2016 - 03:59 |
CVE-2017-1000380 | 2.1 | sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed | 06-12-2017 - 02:29 | 17-06-2017 - 18:29 |