291 matches found
CVE-2019-13272
CVE-2019-13272 affects the Linux kernel ptrace code (kernel/ptrace.c), where credentials recording during ptrace relationship establishment can fail, enabling a local attacker to obtain root privileges under certain parent/child lifecycle scenarios and potentially cause a panic. Public advisories...
CVE-2019-11477
CVE-2019-11477 (SACK Panic) is a Linux kernel TCP vulnerability where crafted SACK blocks can trigger an integer overflow, potentially causing a kernel crash and DoS. CVE-2019-11478/11479 describe related DoS via SACK handling and low MSS. In practice, Arista discloses affected products (EOS, Clo...
CVE-2019-14816
CVE-2019-14816 is a Linux kernel heap-based buffer overflow in the mwifiex (Marvell) wifi driver that affects all versions up to, but excluding, 5.3. It enables a local attacker to crash the system or potentially execute arbitrary code via the Marvell wifi chip driver; affected scope is the kerne...
CVE-2019-14814
CVE-2019-14814 affects the Linux kernel Marvell WiFi driver (mwifiex) - a heap-based buffer overflow in the Marvell WiFi chip driver, present in all kernel versions up to but excluding 5.3. This can allow local users to crash the system or, potentially, execute arbitrary code. Public advisories (...
CVE-2019-10639
CVE-2019-10639 affects Linux kernel 4.x (from 4.1) and 5.x prior to 5.0.8, enabling remote information exposure by deriving a KASLR kernel image offset from IP ID values for UDP/ICMP traffic. An attacker could force traffic to attacker-controlled IPs to obtain hashing key information and expose t...
CVE-2019-16746
CVE-2019-16746 : A buffer overflow in the Linux kernel (net/wireless/nl80211.c) can occur through improper bounds checking of variable-length elements in a beacon head, enabling potential arbitrary code execution or a system crash. The issue affects Linux kernels up to at least 5.2.17, with repor...
CVE-2019-10638
The CVE-2019-10638 entry concerns the Linux kernel IT: the IP ID values used for connectionless protocols (UDP/ICMP) in kernels prior to 5.1.7. The underlying issue is weak hashing of IP IDs, enabling an attacker to track a host across networks by correlating IDs and potentially obtain the hashin...
CVE-2019-14284
CVE-2019-14284 affects the Linux kernel prior to 5.2.3, where floppy.c can suffer a division-by-zero in setup_format_params. Two consecutive ioctls can trigger a DOs: the first ioctl sets geometry (.sect/.rate) such that F_SECT_PER_TRACK becomes zero; the second triggers the floppy format operati...
CVE-2018-20856
CVE-2018-20856 : Linux kernel before 4.18.7 contains a use-after-free in block/blk-core.c__blk_drain_queue() when an error case is mishandled. This could allow a local attacker to cause a denial of service or, potentially, execute arbitrary code. The issue was addressed in the 4.18.7 patch releas...
CVE-2019-11479
The CVE-2019-11479 family (SACK/MSS issues on the Linux kernel) stems from a hard-coded MSS of 48 bytes, enabling remote DoS via fragmented TCP handling. Public docs list CVE-2019-11477 (SACK Panic), CVE-2019-11478 (SACK Slowness/Excess Resource Usage), and CVE-2019-11479 (Low MSS) with kernel-wi...
CVE-2019-3846
CVE-2019-3846 affects the upstream kernel’s Marvell mwifiex wireless kernel driver. The description documents a memory corruption flaw that could allow privilege escalation when connecting to a malicious wireless network. Connected sources confirm this is within the mwifiex driver and describe th...
CVE-2019-17666
CVE-2019-17666 affects the Linux kernel Realtek rtlwifi driver (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c). The root cause is a missing upper-bound check that leads to a buffer overflow. Impact stated in sources includes memory corruption and potential remote code execution, wit...
CVE-2019-15505
CVE-2019-15505 affects the technisat-usb2 media driver in Linux kernels up to 5.2.9. The issue arises from improper validation of incoming IR packets, leading to a heap buffer over-read. An attacker capable of adding USB devices (potentially via remote USB technologies like usbip/usbredir) could ...
CVE-2019-11478
CVE-2019-11478 describes a DoS in the Linux kernel TCP SACK handling where the TCP retransmission queue can fragment, leading to degraded performance or denial of service when processing crafted SACK sequences. The initial entry notes a fixed commit f070ef2ac66716357066b683fb0baf55f8191a2e and st...
CVE-2019-14821
CVE-2019-14821 is a Linux kernel KVM issue: an out-of-bounds access in the Coalesced MMIO write path can occur if a host user controls the MMIO ring buffer indices (ring->first/ring->last). A local attacker with /dev/kvm access could crash the host kernel or potentially escalate privileges ...
CVE-2019-14835
The CVE-2019-14835 entry describes a buffer overflow in Linux kernel vhost functionality (virtqueue buffers translated to IOVs) during VM live migration. A privileged guest user could pass descriptors with invalid length while migration is underway, potentially causing a host privilege escalation...
CVE-2019-14283
CVE-2019-14283 affects the Linux kernel up to version 5.2.2, where floppy drive handling in set_geometry() in drivers/block/floppy.c fails to validate sect and head, enabling an integer overflow and out-of-bounds read. This can be triggered by an unprivileged local user when a floppy is present (...
CVE-2019-15902
CVE-2019-15902 describes a backporting error that reintroduced Spectre-v1 in ptrace_get_debugreg() due to swapped lines during cherry-picking. Affected Linux kernels include 4.4.x (up to 4.4.190), 4.9.x (up to 4.9.190), 4.14.x (up to 4.14.141), 4.19.x (up to 4.19.69), and 5.2.x (up to 5.2.11). Th...
CVE-2019-17133
CVE-2019-17133 affects Linux kernel up to 5.3.2, where cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c fails to reject an oversized SSID IE, causing a Buffer Overflow. The available connected docs confirm the vulnerability and its impact but do not provide a specific patched version or reme...
CVE-2019-15917
CVE-2019-15917 concerns a use-after-free in the Linux kernel before 5.0.5. The bug occurs when hci_uart_register_dev() fails in hci_uart_set_proto() within drivers/bluetooth/hci_ldisc.c, potentially after a local Bluetooth UART device setup. Affected: Linux kernel versions prior to 5.0.5. Impact ...
CVE-2019-12614
CVE-2019-12614 affects Linux kernels up to 5.1.6 in the PowerPC pseries dlpar.c: a NULL pointer dereference triggered by unchecked kstrdup of prop->name can allow a local attacker to crash the system via a crafted request. The issue is confirmed in the initial description and corroborated by c...
CVE-2019-6974
CVE-2019-6974 affects the Linux kernel KVM subsystem: a race in kvm_ioctl_create_device() mishandles reference counting, enabling a local user with access to /dev/kvm to cause a use-after-free, potentially crashing the guest or escalating privileges. The issue is fixed in kernel 4.20.8 and relate...
CVE-2019-14901
CVE-2019-14901 is a heap overflow in the Marvell WiFi driver (mwifiex) of the Linux kernel, affecting all 3.x/4.x prior to 4.18.0. It can allow a remote attacker to crash the system (DoS) or potentially execute code with root privileges, impacting confidentiality and integrity. Public advisories ...
CVE-2019-15927
CVE-2019-15927: A Linux kernel issue before 4.20.2 allows an out-of-bounds access in build_audio_procunit() within sound/usb/mixer.c, enabling local exploitation under affected kernels. The vulnerability is triggered by an out-of-bounds access in the function, as documented in the CVE entry and t...
CVE-2019-11884
The CVE-2019-11884 entry affects the Linux kernel's HIDP path. It concerns the do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c, where a HIDPCONNADD command can leak data from kernel stack memory due to a name field not properly ending with a NUL terminator. The vulnerability allows local attacker...
CVE-2019-11487
The CVE-2019-11487 issue affects the Linux kernel prior to 5.1-rc5, enabling a page->_refcount overflow that can cause use-after-free when large RAM (≈140 GiB) is present, notably under FUSE workloads (fs/fuse/dev.c, mm/gup.c, mm/hugetlb.c, etc.). Affects multiple kernel components (fs/fuse, f...
CVE-2019-19527
CVE-2019-19527 is a use-after-free vulnerability in the Linux kernel caused by a malformed interaction with a malicious USB device in the hiddev.c driver (drivers/hid/usbhid). Affected releases are Linux kernels prior to 5.2.10. The impact, as indicated in the CVE entry, includes potential compro...
CVE-2017-18595
Linux kernel before 4.14.11 is affected by a double-free in allocate_trace_buffer (kernel/trace/trace.c). This CVE-2017-18595 issue can enable memory corruption when the trace buffer is allocated, and is exploitable with local access. The vulnerability is tied to kernel versions older than 4.14.1...
CVE-2018-20836
CVE-2018-20836 : A race condition in the Linux kernel before 4.20, specifically in drivers/scsi/libsas/sas_expander.c (smp_task_timedout() vs smp_task_done()), can lead to a use-after-free. Affected: Linux kernel versions prior to 4.20. Impact is described as high by CVSS. The provided documents ...
CVE-2019-7221
CVE-2019-7221 is a Use-after-Free in the KVM implementation of the Linux kernel up to version 4.20.5. The vulnerability concerns KVM VMX preemption timer handling and is locally exploitable with low privileges and no user interaction, potentially affecting confidentiality, integrity, and availabi...
CVE-2019-11810
CVE-2019-11810 affects the Linux kernel up to version before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails inside megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c, leading to a Denial of Service tied to a use-after-free. Public advisories note...
CVE-2019-10207
The CVE-2019-10207 entry describes a local DoS in Linux kernels via Bluetooth UART mishandling. Affected: Linux kernel Bluetooth UART implementation, versions 3.x.x prior to 4.18.0 and 5.x.x. Vulnerable action: a crafted ioctl call by a local attacker with write access to Bluetooth hardware can c...
CVE-2019-14815
CVE-2019-14815 is a Linux kernel issue in the Marvell Mwifiex WiFi driver, described in the connected F5 advisory as a heap overflow in mwifiex_set_wmm_params(). The initial document also notes a heap overflow in this driver. The provided sources do not include explicit exploit details, affected ...
CVE-2019-13648
CVE-2019-13648 affects the Linux kernel on PowerPC where hardware transactional memory is disabled. A local user can trigger a denial of service (TM Bad Thing exception and system crash) by sending a crafted signal frame via sigreturn() to arch/powerpc/kernel/signal_32.c and signal_64.c. Public d...
CVE-2018-16871
A CVE-2018-16871 issue exists in the Linux kernel’s NFS implementation (all 3.x and 4.x up to 4.20). A attacker mounting an exported NFS filesystem can trigger a null pointer dereference using an invalid NFS sequence, causing a kernel panic and denying access to the NFS server; outstanding disk w...
CVE-2019-15239
The CVE-2019-15239 issue arises from a backported net/ipv4/tcp_output.c change in some 4.9.x and 4.14.x long-term Linux kernels that was correctly fixed in 4.16.12 but incorrectly backported to older LT kernels. This regression enables a local attacker to add to a write queue between disconnectio...
CVE-2019-16089
Summary (CVE-2019-16089): The vulnerability resides in the Linux kernel (through version 5.2.13) where nbd_genl_status in drivers/block/nbd.c does not validate the return value of nla_nest_start_noflag, potentially enabling local privilege impact due to improper netlink attribute nesting checks. ...
CVE-2018-20669
CVE-2018-20669 affects the Linux kernel i915_gem_execbuffer2_ioctl path (drivers/gpu/drm/i915/i915_gem_execbuffer.c) up to kernel 4.19.13. A local attacker can craft an IOCTL call that fails address checks (address provided to access_ok() is not checked), enabling overwriting arbitrary kernel mem...
CVE-2019-18808
The CVE-2019-18808 entry describes a memory-leak DoS in the Linux kernel via ccp_run_sha_cmd() in ccp-ops.c (up to kernel 5.3.9). Connected Astra Linux advisories show a similar memory-leak DoS in ccp_run_aes_gcm_cmd() (drivers/crypto/ccp/ccp-ops.c) affecting Linux-5.10 and noting similarity to C...
CVE-2019-3900
CVE-2019-3900 is an upstream Linux kernel vulnerability in the vhost_net module causing an infinite loop while handling incoming packets in handle_rx(), which can allow a guest user to stall the vhost_net kernel thread and trigger a DoS. The issue is present in Linux kernel releases up to and inc...
CVE-2019-19767
CVE-2019-19767 affects the Linux kernel prior to 5.4.2, due to mishandling of ext4_expand_extra_isize which can cause use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (fs/ext4/inode.c and fs/ext4/super.c; CID-4ea99936a163). This is a kernel-level vulnerability impacting ext4-r...
CVE-2018-20855
CVE-2018-20855 affects Linux kernel before 4.18.7. In mlx5InfiniBand, create_qp_common (mlx5_ib_create_qp_resp) was never initialized, leaking stack memory to userspace. Upstream fix shipped with kernel 4.18.7 (commit 0625b4ba1a5d4703c7fb01c497bd6c156908af00). Mitigation: upgrade to 4.18.7+ or ap...
CVE-2019-15666
CVE-2019-15666 affects the Linux kernel prior to 5.0.19, with an out-of-bounds array access in __xfrm_policy_unlink caused by improper directory validation in net/xfrm/xfrm_user.c. This can lead to denial of service. Nexus/connected advisories confirm the same impact and recommend upgrading the k...
CVE-2018-20976
CVE-2018-20976 affects the Linux kernel prior to 4.18, specifically a use-after-free in fs/xfs/xfs_super.c related to xfs_fs_fill_super during mount failure. The vulnerability can lead to memory corruption or crash and is exploitable via a local attack, with no authentication required per the CVE...
CVE-2019-10126
CVE-2019-10126 affects the Linux kernel Marvell mwifiex wireless kernel driver. The issue is a heap-based buffer overflow in mwifiex_uap_parse_tail_ies (drivers/net/wireless/marvell/mwifiex/ie.c) that can lead to memory corruption. Public documents in the Connected set identify the affected compo...
CVE-2019-20054
CVE-2019-20054 affects the Linux kernel prior to 5.0.6, with a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (related to put_links, CID-23da9588037e). The fix is included in kernel 5.0.6 (and later). Public exploit details are not provided in the supplied documents. Rec...
CVE-2019-19447
CVE-2019-19447 is a Linux kernel 5.0.21 flaw where mounting a crafted ext4 filesystem image can trigger a use-after-free in ext4_put_super (fs/ext4/super.c, related to dump_orphan_list). Reports in multiple connected sources corroborate a local, post-authentication impact with potential arbitrary...
CVE-2019-19068
CVE-2019-19068 affects the Linux kernel Realtek RTL8xxxU USB Wi‑Fi driver (rtl8xxxu_submit_int_urb in rtl8xxxu_core.c, up to 5.3.11). The root cause is a memory leak when usb_submit_urb() fails during interrupt-URB submission, which can lead to DoS via memory consumption. Connected document F5 ad...
CVE-2019-17055
CVE-2019-17055 affects the Linux kernel up to 5.3.2, where base_sock_create in drivers/isdn/mISDN/socket.c did not enforce CAP_NET_RAW, allowing unprivileged users to create a raw socket via AF_ISDN. The issue is tracked with CID CID-b91ee4aa2a21 and was addressed in upstream kernel commits 0edc3...
CVE-2019-19063
Concretely affected software: Linux kernel realtek rtlwifi USB driver (rtl_usb_probe in drivers/net/wireless/realtek/rtlwifi/usb.c). Root cause: two memory leaks in rtl_usb_probe() leading to memory exhaustion. Impact: potential denial of service due to unbounded memory consumption (through 5.3.1...