Max CVSS | 7.8 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-3900 | 6.8 |
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest
|
26-04-2024 - 16:08 | 25-04-2019 - 15:29 | |
CVE-2018-20169 | 7.2 |
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
|
04-03-2024 - 22:59 | 17-12-2018 - 07:29 | |
CVE-2019-14821 | 7.2 |
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wher
|
16-02-2024 - 18:44 | 19-09-2019 - 18:15 | |
CVE-2019-11599 | 6.9 |
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or p
|
15-02-2024 - 15:56 | 29-04-2019 - 18:29 | |
CVE-2018-16884 | 6.7 |
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container
|
11-08-2023 - 19:12 | 18-12-2018 - 22:29 | |
CVE-2019-11884 | 2.1 |
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
|
03-03-2023 - 20:53 | 10-05-2019 - 22:29 | |
CVE-2019-11833 | 2.1 |
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
|
01-03-2023 - 15:28 | 15-05-2019 - 13:29 | |
CVE-2019-7222 | 2.1 |
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
|
28-02-2023 - 20:45 | 21-03-2019 - 16:01 | |
CVE-2019-3882 | 4.9 |
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of th
|
12-02-2023 - 23:38 | 24-04-2019 - 16:29 | |
CVE-2019-3874 | 3.3 |
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
|
12-02-2023 - 23:38 | 25-03-2019 - 19:29 | |
CVE-2019-10126 | 7.5 |
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
|
12-02-2023 - 23:32 | 14-06-2019 - 14:29 | |
CVE-2019-15916 | 7.8 |
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
|
17-01-2023 - 21:34 | 04-09-2019 - 15:15 | |
CVE-2019-3460 | 3.3 |
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
|
22-04-2022 - 20:06 | 11-04-2019 - 16:29 | |
CVE-2019-3459 | 3.3 |
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
|
22-04-2022 - 20:05 | 11-04-2019 - 16:29 | |
CVE-2019-9506 | 4.8 |
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") tha
|
04-11-2021 - 15:58 | 14-08-2019 - 17:15 | |
CVE-2019-10638 | 4.3 |
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to
|
14-06-2021 - 18:15 | 05-07-2019 - 23:15 | |
CVE-2019-3874 | 3.3 |
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
|
28-09-2020 - 16:15 | 25-03-2019 - 19:29 | |
CVE-2020-10720 | 4.9 |
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
|
10-09-2020 - 14:46 | 03-09-2020 - 18:15 | |
CVE-2019-5489 | 2.1 |
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this af
|
24-08-2020 - 17:37 | 07-01-2019 - 17:29 | |
CVE-2018-19854 | 1.9 |
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sens
|
06-11-2019 - 01:15 | 04-12-2018 - 16:29 | |
CVE-2018-19985 | 2.1 |
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitr
|
03-09-2019 - 00:15 | 21-03-2019 - 16:00 | |
CVE-2019-13233 | 4.4 |
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
|
20-07-2019 - 12:15 | 04-07-2019 - 13:15 |