kernel-zfcpdump (SUSE:Linux Enterprise Module for Basesystem 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 package kernel-zfcpdump, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (200)
CVE-2019-10126 — CVSS 9.8 (critical): A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mw…
CVE-2019-18805 — CVSS 9.8 (critical): An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer…
CVE-2019-17133 — CVSS 9.8 (critical): In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a…
CVE-2019-14895 — CVSS 9.8 (critical): A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver…
CVE-2019-14901 — CVSS 9.8 (critical): A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The…
CVE-2019-15926 — CVSS 9.1 (critical): An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx…
CVE-2019-17666 — CVSS 8.8 (high): rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to…
CVE-2019-10220 — CVSS 8.8 (high): Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
CVE-2019-3846 — CVSS 8.8 (high): A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting…
CVE-2019-14821 — CVSS 8.8 (high): An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements…
CVE-2018-9363 — CVSS 8.4 (high): In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional…
CVE-2019-6974 — CVSS 8.1 (high): In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race…
CVE-2019-9506 — CVSS 8.1 (high): The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an…
CVE-2018-20836 — CVSS 8.1 (high): An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in…
CVE-2019-11815 — CVSS 8.1 (high): An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a…
CVE-2018-16884 — CVSS 8.0 (high): A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make…
CVE-2019-9503 — CVSS 7.9 (high): The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If…
CVE-2019-9500 — CVSS 7.9 (high): The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the…
CVE-2018-10902 — CVSS 7.8 (high): It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in…
CVE-2018-5848 — CVSS 7.8 (high): In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of…
CVE-2019-14815 — CVSS 7.8 (high): A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
CVE-2019-14816 — CVSS 7.8 (high): There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that…
CVE-2019-14835 — CVSS 7.8 (high): A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue…
CVE-2019-15117 — CVSS 7.8 (high): parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds…
CVE-2017-18595 — CVSS 7.8 (high): An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file…
CVE-2019-15927 — CVSS 7.8 (high): An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file…
CVE-2018-12233 — CVSS 7.8 (high): In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling…
CVE-2018-10878 — CVSS 7.8 (high): A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or…
CVE-2018-13405 — CVSS 7.8 (high): The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group…
CVE-2018-13406 — CVSS 7.8 (high): An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in…
CVE-2019-12456 — CVSS 7.8 (high): An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5…
CVE-2019-0155 — CVSS 7.8 (high): Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor…
CVE-2018-9568 — CVSS 7.8 (high): In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege…
CVE-2018-9385 — CVSS 7.8 (high): In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local…
CVE-2019-14814 — CVSS 7.8 (high): There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel…
CVE-2018-17182 — CVSS 7.8 (high): An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number…
CVE-2018-18281 — CVSS 7.8 (high): Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate()…
CVE-2018-18445 — CVSS 7.8 (high): In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier…
CVE-2019-8912 — CVSS 7.8 (high): In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which…
CVE-2018-19824 — CVSS 7.8 (high): In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound…
CVE-2019-2024 — CVSS 7.8 (high): In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with…
CVE-2019-19543 — CVSS 7.8 (high): In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
CVE-2018-8781 — CVSS 7.8 (high): The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an…
CVE-2018-20669 — CVSS 7.8 (high): An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_…
CVE-2018-20976 — CVSS 7.8 (high): An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super…
CVE-2018-6555 — CVSS 7.8 (high): The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows…
CVE-2019-11487 — CVSS 7.8 (high): The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of…
CVE-2019-15239 — CVSS 7.8 (high): In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to…
CVE-2019-11085 — CVSS 7.8 (high): Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user…
CVE-2019-19074 — CVSS 7.5 (high): A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers…
CVE-2019-8980 — CVSS 7.5 (high): A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of…
CVE-2018-5391 — CVSS 7.5 (high): The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP…
CVE-2019-15916 — CVSS 7.5 (high): An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c…
CVE-2019-11479 — CVSS 7.5 (high): Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend…
CVE-2019-15538 — CVSS 7.5 (high): An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp…
CVE-2019-11477 — CVSS 7.5 (high): Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when…
CVE-2018-1128 — CVSS 7.5 (high): It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker…
CVE-2019-10639 — CVSS 7.5 (high): The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a…
CVE-2019-9003 — CVSS 7.5 (high): In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for…
CVE-2019-12818 — CVSS 7.5 (high): An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If…
CVE-2019-11810 — CVSS 7.5 (high): An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in…
CVE-2019-19049 — CVSS 7.5 (high): A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a…
CVE-2019-16995 — CVSS 7.5 (high): In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port…
CVE-2018-16871 — CVSS 7.5 (high): A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to…
CVE-2018-5390 — CVSS 7.5 (high): Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every…
CVE-2019-19075 — CVSS 7.5 (high): A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause…
CVE-2019-19052 — CVSS 7.5 (high): A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a…
CVE-2019-19060 — CVSS 7.5 (high): A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to…
CVE-2018-10877 — CVSS 7.3 (high): Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4…
CVE-2019-15917 — CVSS 7.0 (high): An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in…
CVE-2019-18683 — CVSS 7.0 (high): An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on…
CVE-2018-10853 — CVSS 7.0 (high): A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not…
CVE-2018-14633 — CVSS 7.0 (high): A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication…
CVE-2018-16880 — CVSS 7.0 (high): A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific…
CVE-2019-11486 — CVSS 7.0 (high): The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVE-2019-11599 — CVSS 7.0 (high): The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags…
CVE-2019-19527 — CVSS 6.8 (medium): In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hidd…
CVE-2019-19531 — CVSS 6.8 (medium): In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c…
CVE-2019-14283 — CVSS 6.8 (medium): In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an…
CVE-2019-13631 — CVSS 6.8 (medium): In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID…
CVE-2018-20169 — CVSS 6.8 (medium): An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra…
CVE-2019-19532 — CVSS 6.8 (medium): In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux…
CVE-2019-15090 — CVSS 6.7 (medium): An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is…
CVE-2017-18551 — CVSS 6.7 (medium): An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function…
CVE-2019-9456 — CVSS 6.7 (medium): In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local…
CVE-2017-16533 — CVSS 6.6 (medium): The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of…
CVE-2018-12207 — CVSS 6.5 (medium): Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an…
CVE-2018-1129 — CVSS 6.5 (medium): A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster…
CVE-2019-10638 — CVSS 6.5 (medium): In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less…
CVE-2019-3460 — CVSS 6.5 (medium): A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
CVE-2018-15572 — CVSS 6.5 (medium): The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a…
CVE-2019-11135 — CVSS 6.5 (medium): TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable…
CVE-2019-3459 — CVSS 6.5 (medium): A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2019-15214 — CVSS 6.4 (medium): An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection…
CVE-2019-19529 — CVSS 6.3 (medium): In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcb…
CVE-2019-14284 — CVSS 6.2 (medium): In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two…
CVE-2019-19332 — CVSS 6.1 (medium): An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor…
CVE-2019-19528 — CVSS 6.1 (medium): In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarri…
CVE-2018-16658 — CVSS 6.1 (medium): An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could…
CVE-2018-10938 — CVSS 5.9 (medium): A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker…
CVE-2018-12232 — CVSS 5.9 (medium): In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the…
CVE-2018-12130 — CVSS 5.9 (medium): Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an…
CVE-2018-12126 — CVSS 5.6 (medium): Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an…
CVE-2018-12127 — CVSS 5.6 (medium): Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an…
CVE-2019-15902 — CVSS 5.6 (medium): A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through…
CVE-2019-1125 — CVSS 5.6 (medium): An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who…
CVE-2019-11091 — CVSS 5.6 (medium): Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may…
CVE-2019-7308 — CVSS 5.6 (medium): kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various…
CVE-2017-5715 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of…
CVE-2018-3620 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information…
CVE-2018-3646 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information…
CVE-2017-5753 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an…
CVE-2019-0154 — CVSS 5.5 (medium): Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor…
CVE-2017-18344 — CVSS 5.5 (medium): The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the…
CVE-2018-1000200 — CVSS 5.5 (medium): The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large…
CVE-2018-10087 — CVSS 5.5 (medium): The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might…
CVE-2018-10124 — CVSS 5.5 (medium): The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used…
CVE-2018-10880 — CVSS 5.5 (medium): Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in…
CVE-2018-1092 — CVSS 5.5 (medium): The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero…
CVE-2018-1093 — CVSS 5.5 (medium): The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service…
CVE-2018-1094 — CVSS 5.5 (medium): The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver…
CVE-2018-10940 — CVSS 5.5 (medium): The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect…
CVE-2018-1130 — CVSS 5.5 (medium): Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that…
CVE-2018-12896 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is…
CVE-2018-13093 — CVSS 5.5 (medium): An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in…
CVE-2018-13094 — CVSS 5.5 (medium): An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image…
CVE-2018-13095 — CVSS 5.5 (medium): An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and…
CVE-2018-14613 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and…
CVE-2018-14617 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in…
CVE-2018-18397 — CVSS 5.5 (medium): The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated…
CVE-2018-18710 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be…
CVE-2018-19407 — CVSS 5.5 (medium): The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service…
CVE-2018-21008 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file…
CVE-2018-3639 — CVSS 5.5 (medium): Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior…
CVE-2018-5803 — CVSS 5.5 (medium): In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function…
CVE-2018-6554 — CVSS 5.5 (medium): Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17…
CVE-2018-7191 — CVSS 5.5 (medium): In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local…
CVE-2018-7492 — CVSS 5.5 (medium): A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local…
CVE-2019-10207 — CVSS 5.5 (medium): A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An…
CVE-2019-11833 — CVSS 5.5 (medium): fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow…
CVE-2019-12380 — CVSS 5.5 (medium): **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in…
CVE-2019-12382 — CVSS 5.5 (medium): An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an…
CVE-2019-12819 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device()…
CVE-2019-13648 — CVSS 5.5 (medium): In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial…
CVE-2019-15118 — CVSS 5.5 (medium): check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
CVE-2019-15924 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL…
CVE-2019-18808 — CVSS 5.5 (medium): A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause…
CVE-2019-19051 — CVSS 5.5 (medium): A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows…
CVE-2019-19077 — CVSS 5.5 (medium): A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows…
CVE-2019-19227 — CVSS 5.5 (medium): In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may…
CVE-2019-19338 — CVSS 5.5 (medium): A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle…
CVE-2019-19767 — CVSS 5.5 (medium): The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and…
CVE-2019-3882 — CVSS 5.5 (medium): A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device…
CVE-2019-5489 — CVSS 5.5 (medium): The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access…
CVE-2019-9213 — CVSS 5.5 (medium): In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for…
CVE-2019-11478 — CVSS 5.3 (medium): Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when…
CVE-2018-1000204 — CVSS 5.3 (medium): Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte…
CVE-2018-14625 — CVSS 5.3 (medium): A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A…
CVE-2018-16862 — CVSS 5.3 (medium): A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation…
CVE-2018-10876 — CVSS 5.0 (medium): A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when…
CVE-2018-10882 — CVSS 4.8 (medium): A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a…
CVE-2018-10883 — CVSS 4.8 (medium): A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a…
CVE-2019-15921 — CVSS 4.7 (medium): An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in…
CVE-2019-15292 — CVSS 4.7 (medium): An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc…
CVE-2018-19854 — CVSS 4.7 (medium): An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto…
CVE-2017-18224 — CVSS 4.7 (medium): In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent…
CVE-2019-19056 — CVSS 4.7 (medium): A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through…
CVE-2019-19058 — CVSS 4.7 (medium): A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows…
CVE-2019-16234 — CVSS 4.7 (medium): drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a…
CVE-2019-19062 — CVSS 4.7 (medium): A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a…
CVE-2019-18660 — CVSS 4.7 (medium): The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable…
CVE-2019-19065 — CVSS 4.7 (medium): A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a…
CVE-2019-19066 — CVSS 4.7 (medium): A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to…
CVE-2019-15212 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the…
CVE-2019-15219 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the…
CVE-2019-15218 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the…
CVE-2019-15217 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the…
CVE-2019-15216 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the…
CVE-2019-15215 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the…
CVE-2019-18809 — CVSS 4.6 (medium): A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows…
CVE-2019-15213 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the…
CVE-2019-15211 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the…
CVE-2019-19063 — CVSS 4.6 (medium): Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow…
CVE-2019-19068 — CVSS 4.6 (medium): A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel…
CVE-2019-15098 — CVSS 4.6 (medium): drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an…
CVE-2019-19523 — CVSS 4.6 (medium): In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux…
CVE-2019-19524 — CVSS 4.6 (medium): In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memles…
CVE-2019-19525 — CVSS 4.6 (medium): In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/a…
CVE-2019-19526 — CVSS 4.6 (medium): In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c…
CVE-2019-19530 — CVSS 4.6 (medium): In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-a…
CVE-2019-19535 — CVSS 4.6 (medium): In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb…
CVE-2019-19536 — CVSS 4.6 (medium): In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb…
CVE-2018-19985 — CVSS 4.6 (medium): The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and…
CVE-2019-15291 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the…
CVE-2019-15222 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the…
CVE-2019-15221 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the…
CVE-2019-15220 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the…
CVE-2019-3819 — CVSS 4.4 (medium): A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite…