Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel 3.11 through 5.10.16, which stems from insufficient internal status updates that prevent incorrect security recovery...

PT-2021-3000 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.11 through 5.10.16 Description: The issue is related to errors in mapping grant references provided by the frontend in the Linux kernel's Xen driver. This can lead to the caller assuming successful mapping and attempti...

CVE-2020-24490

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ...

CVE-2020-24490

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ...

PT-2020-5488 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Intel Graphics Drivers versions prior to 26.20.100.7212 Linux kernel version prior to 5.5 Description: A null pointer reference in some Intel Graphics Drivers may allow a privileged user to potentially enable a denial of service via local...

CVE-2020-16120

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a...

Linux kernel integer overflow vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An integer overflow vulnerability exists in the drivers/tty/vt/keyboard.c file in Linux kernel 5.7.1 and earlier. A local attacker could exploit this vulnerability to...

Unspecified vulnerability in Linux kernel (CNVD-2020-28262)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions 4.18 through 5.6.11. An attacker could exploit the vulnerability to cause resource exhaustion...

CVE-2020-10690

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...

CVE-2020-1628

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet,...

VulnCheck KEV: CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation...

Linux kernel information disclosure vulnerability (CNVD-2020-00266)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in Linux kernel 5.2.14 and earlier versions. The vulnerability arises from errors in configuration and other errors in t...

Linux kernel resource management error vulnerability (CNVD-2019-35843)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A resource management error vulnerability exists in the xfssetattrnonsize file in fs/xfs/xfsiops.c in Linux kernel 5.2.9 and earlier versions, which can be exploited b...

Linux kernel code issue vulnerability

Linux kernel is the kernel used by Linux, an open source operating system released by the Linux Foundation in the U.S. A code issue vulnerability exists in the sound/usb/line6/driver.c file in versions of Linux kernel prior to 5.1.8. The vulnerability stems from an improperly designed or...

Linux kernel information disclosure vulnerability (CNVD-2019-23988)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in Linux kernel versions 4.1 through 4.x and 5.x prior to 5.0.8. The vulnerability arises from errors such as...

kernel: Race condition in sound system can lead to denial of service

In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

Race condition

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...