Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-3900 | 6.8 |
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest
|
26-04-2024 - 16:08 | 25-04-2019 - 15:29 | |
CVE-2019-3882 | 4.9 |
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of th
|
12-02-2023 - 23:38 | 24-04-2019 - 16:29 | |
CVE-2017-18509 | 7.2 |
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbi
|
07-02-2023 - 22:01 | 13-08-2019 - 14:15 | |
CVE-2018-20836 | 9.3 |
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
|
03-11-2022 - 02:22 | 07-05-2019 - 14:29 | |
CVE-2019-10639 | 5.0 |
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the
|
14-06-2021 - 18:15 | 05-07-2019 - 23:15 | |
CVE-2019-10638 | 4.3 |
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to
|
14-06-2021 - 18:15 | 05-07-2019 - 23:15 | |
CVE-2018-20856 | 4.6 |
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
|
13-08-2019 - 19:15 | 26-07-2019 - 05:15 | |
CVE-2019-14283 | 4.6 |
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk h
|
11-08-2019 - 23:15 | 26-07-2019 - 13:15 | |
CVE-2019-14284 | 2.1 |
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make
|
11-08-2019 - 23:15 | 26-07-2019 - 13:15 | |
CVE-2019-13648 | 4.9 |
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal
|
30-07-2019 - 12:15 | 19-07-2019 - 13:15 | |
CVE-2019-13631 | 4.6 |
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.
|
26-07-2019 - 03:15 | 17-07-2019 - 19:15 | |
CVE-2018-5995 | 2.1 |
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
|
28-05-2019 - 19:29 | 07-08-2018 - 18:29 |