15 matches found
CVE-2019-15902
CVE-2019-15902 describes a backporting error that reintroduced Spectre-v1 in ptrace_get_debugreg() due to swapped lines during cherry-picking. Affected Linux kernels include 4.4.x (up to 4.4.190), 4.9.x (up to 4.9.190), 4.14.x (up to 4.14.141), 4.19.x (up to 4.19.69), and 5.2.x (up to 5.2.11). Th...
CVE-2019-7221
CVE-2019-7221 is a Use-after-Free in the KVM implementation of the Linux kernel up to version 4.20.5. The vulnerability concerns KVM VMX preemption timer handling and is locally exploitable with low privileges and no user interaction, potentially affecting confidentiality, integrity, and availabi...
CVE-2018-20855
CVE-2018-20855 affects Linux kernel before 4.18.7. In mlx5InfiniBand, create_qp_common (mlx5_ib_create_qp_resp) was never initialized, leaking stack memory to userspace. Upstream fix shipped with kernel 4.18.7 (commit 0625b4ba1a5d4703c7fb01c497bd6c156908af00). Mitigation: upgrade to 4.18.7+ or ap...
CVE-2019-6454
CVE-2019-6454 affects systemd’s bus_process_object() which allocates a large stack buffer for the object path in D-Bus messages. A locally unprivileged user can send a crafted message to PID1, causing the stack pointer to jump past guard pages and crash systemd PID1, potentially triggering a kern...
CVE-2019-5489
CVE-2019-5489 affects the Linux kernel mincore() implementation (mm/mincore.c) up to version 4.19.13. It enables a local attacker to observe page cache access patterns of other processes sharing memory, leading to potential information disclosure; the impact is described as partial confidentialit...
CVE-2018-19985
CVE-2018-19985 is a Linux kernel vulnerability describing an out-of-bounds read in hso_get_config_data (drivers/net/usb/hso.c) caused by indexing an array with the device-provided if_num. This is a local, kernel-space issue that could lead to a crash. Public IBM advisories for the IBM 4769 toolki...
CVE-2019-7222
The CVE-2019-7222 issue affects the KVM component of the Linux kernel up to version 4.20.5, where a vulnerability allowed information leakage by exposing uninitialized kernel stack contents to a guest. Connected documents explicitly refer to “KVM: leak of uninitialized stack contents to guest (CV...
CVE-2018-17182
Summary : CVE-2018-17182 is a Linux kernel use-after-free vulnerability in the vmacache subsystem. The root cause is that the function vmacache_flush_all mishandles sequence number overflows, allowing a local attacker to trigger a use-after-free via certain thread creation/map/unmap/invalidation/...
CVE-2018-16866
CVE-2018-16866 is a systemd-journald out-of-bounds read vulnerability. The flaw arises in how journald parses log messages that terminate with a colon, allowing a local attacker to disclose process memory data. Affected versions are reported as v221–v239. Public advisories and vendor notes (e.g.,...
CVE-2019-15098
CVE-2019-15098 affects the Linux kernel driver ath6kl/usb.c (USB wifi driver) up to version 5.2.9. The issue is a NULL pointer dereference caused by an incomplete address in an endpoint descriptor, potentially leading to a crash or denial of service. The connected Nessus/Unity Linux advisories co...
CVE-2018-16888
CVE-2018-16888 affects systemd. When a service runs as an unprivileged user, a local attacker who can write to the service’s PIDFile may trick systemd into killing other services and/or privileged processes. Vulnerable versions are those before v237. Remediation: update systemd to a fixed version...
CVE-2018-19039
Grafana CVE-2018-19039 affects Grafana before 4.6.5 and 5.x before 5.3.3, allowing remote authenticated users with Editor or Admin perms to read arbitrary files. Root cause is a file-read exposure via dashboards/editors. Upgrading to Grafana 4.6.5 or 5.3.3+ mitigates the issue; check vendor advis...
CVE-2019-7612
CVE-2019-7612 affects Logstash: versions before 5.6.15 and 6.6.1 are vulnerable to a sensitive data disclosure where credentials used in a URL can be logged in error messages due to malformed URL logging. Root cause: improper handling of URL logging in Logstash configuration. Impact: potential ex...
CVE-2018-12099
Grafana prior to 5.2.0-beta1 is affected by XSS in dashboard links (CVE-2018-12099). The issue stems from an incomplete fix, with later Nessus entries noting unpatched vectors in Grafana 5.3.1 related to this CVE. Remediation: upgrade to Grafana 5.2.0-beta1 or newer where the fix is included.
CVE-2018-16597
CVE-2018-16597 affects the Linux kernel prior to version 4.8. The issue is an incorrect access check in overlayfs mounts, which could allow a local attacker to modify or truncate files on the underlying filesystem. The connected Nessus/OpenVAS advisories reference kernel updates to fix this vulne...