CVE Daily
← All tags

Tag: Linux Kernel

All CVEs associated with "Linux Kernel". Page 124/168 • 20117 CVEs.

Subscribe CVEs: RSS for “Linux Kernel”  ·  RSS (High+Critical only)

About “Linux Kernel”

A curated feed of “Linux Kernel”-related CVEs appears below. We currently track 20117 CVEs for this tag (all time). In the last 365 days, 6173 were published. Average CVSS is 6.4 (all time; 6.4 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-476 - NULL Pointer Dereference, CWE-401 - Missing Release of Memory after Effective Lifetime, CWE-416 - Use After Free.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-01-06
High

CVE-2019-18625

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inj…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2019-18792

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the…

CVSS: 9.1 CWE: CWE-436 - Interpretation Conflict View on NVD
2020-01-05
High

CVE-2019-19911

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2019-12-31
Medium

CVE-2019-19927

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read ac…

CVSS: 6.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
2019-12-30
Medium

CVE-2019-20096

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-20095

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
2019-12-28
Medium

CVE-2019-20054

In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2019-12-26
Medium

CVE-2011-1474

A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_top…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2019-12-25
Medium

CVE-2019-19966

In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.

CVSS: 4.6 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19965

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race…

CVSS: 4.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2019-12-24
Medium

CVE-2019-19947

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

CVSS: 4.6 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
2019-12-23
Medium

CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for statio…

CVSS: 6.5 CWE: CWE-440 - Expected Behavior Violation View on NVD
2019-12-22
Medium

CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by genera…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2019-12-19
High

CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to…

CVSS: 7.5 CWE: N/A View on NVD
2019-12-18
High

CVE-2019-19882

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Critical

CVE-2019-10557

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdrag…

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2019-12-17
High

CVE-2019-19241

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and n…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-19815

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2f…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2019-19816

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a va…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-19814

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2019-19813

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
2019-12-16
Medium

CVE-2019-11165

Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service v…

CVSS: 5.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2019-0159

Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via lo…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-18828

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on prod…

CVSS: 6.8 CWE: CWE-521 - Weak Password Requirements View on NVD
2019-12-15
High

CVE-2019-19807

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. Th…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2019-12-12
High

CVE-2019-19770

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created…

CVSS: 8.2 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19769

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

CVSS: 6.7 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2019-19768

In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cp…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19767

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
2019-12-11
High

CVE-2019-14899

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make pos…

CVSS: 7.4 CWE: CWE-300 - Channel Accessible by Non-Endpoint View on NVD
Medium

CVE-2019-19719

Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2019-12-08
High

CVE-2019-19449

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2019-19448

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2019-19447

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orp…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2019-12-05
High

CVE-2019-17388

Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges thr…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2019-17387

An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-19602

fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or…

CVSS: 6.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2019-12-03
High

CVE-2019-19543

In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19537

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/…

CVSS: 4.2 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2019-19536

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

CVSS: 4.6 CWE: CWE-909 - Missing Initialization of Resource View on NVD
Medium

CVE-2019-19535

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

CVSS: 4.6 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Low

CVE-2019-19534

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

CVSS: 2.4 CWE: CWE-909 - Missing Initialization of Resource View on NVD
Low

CVE-2019-19533

In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.

CVSS: 2.4 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
Medium

CVE-2019-19532

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/…

CVSS: 6.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2019-19531

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19530

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.

CVSS: 4.6 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19529

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.

CVSS: 6.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19528

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

CVSS: 6.1 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19526

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

CVSS: 4.6 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19525

In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.

CVSS: 4.6 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19524

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

CVSS: 4.6 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-19523

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.

CVSS: 4.6 CWE: CWE-416 - Use After Free View on NVD
2019-11-30
Medium

CVE-2019-19462

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2019-11-29
Medium

CVE-2019-19451

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this…

CVSS: 5.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2019-19378

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-19377

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2019-14901

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, result…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2019-14897

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute a…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2019-14895

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection n…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2019-11-28
High

CVE-2019-18276

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setti…

CVSS: 7.8 CWE: CWE-273 - Improper Check for Dropped Privileges View on NVD
Medium

CVE-2019-19318

In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags…

CVSS: 4.4 CWE: CWE-416 - Use After Free View on NVD
2019-11-27
Medium

CVE-2019-19319

In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/x…

CVSS: 6.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2019-10220

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-15298

A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Critical

CVE-2019-14896

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, poss…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2019-11-25
High

CVE-2019-19252

vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2019-18675

The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2019-10207

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2019-14815

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2019-10214

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections…

CVSS: 5.9 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2019-11-22
Medium

CVE-2019-16287

In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2019-19227

In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/apple…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2019-11-21
Medium

CVE-2019-19037

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2019-19039

__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information…

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2019-19036

btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2019-11-18
Medium

CVE-2019-19083

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19082

Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affec…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19081

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory…

CVSS: 5.9 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19080

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memor…

CVSS: 5.9 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19079

A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19078

A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19077

A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19076

A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consum…

CVSS: 5.9 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19075

A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca821…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19074

A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-72…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19073

Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout…

CVSS: 4.0 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19072

A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96…

CVSS: 4.4 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19071

A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by tri…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19070

A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_a…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19069

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19068

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memo…

CVSS: 4.6 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19067

Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by trigge…

CVSS: 4.4 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19066

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering b…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19065

A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhasht…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19064

A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_r…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19063

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), ak…

CVSS: 4.6 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19062

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_r…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19061

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka C…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19060

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab6…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19059

Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial o…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19058

A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by t…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Low

CVE-2019-19057

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory co…

CVSS: 3.3 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19056

A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory c…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19055

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by trig…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19054

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by tri…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19053

A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggeri…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19052

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_subm…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19051

A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption)…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19050

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering cryp…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19049

A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_un…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19048

A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by tr…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19047

A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19046

A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by tri…

CVSS: 6.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19045

A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory…

CVSS: 4.4 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2019-19044

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggeri…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2019-19043

A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
2019-11-14
High

CVE-2019-0155

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Go…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-14566

Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service vi…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD