Vulnerabilities > Linux > Linux Kernel > 2.5.40
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-25 | CVE-2019-19965 | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | 1.9 |
2019-12-24 | CVE-2019-19947 | Use of Uninitialized Resource vulnerability in multiple products In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | 4.6 |
2019-12-23 | CVE-2019-5108 | Improper Authentication vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. | 3.3 |
2019-12-22 | CVE-2019-19922 | Resource Exhaustion vulnerability in multiple products kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. | 5.5 |
2019-12-17 | CVE-2019-19241 | Unspecified vulnerability in Linux Kernel In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. | 4.6 |
2019-12-12 | CVE-2019-19770 | Use After Free vulnerability in Linux Kernel In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). | 8.2 |
2019-12-12 | CVE-2019-19769 | Use After Free vulnerability in multiple products In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | 6.7 |
2019-12-12 | CVE-2019-19767 | Use After Free vulnerability in Linux Kernel The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. | 4.3 |
2019-12-05 | CVE-2019-19602 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc. | 5.4 |
2019-12-03 | CVE-2019-19543 | Use After Free vulnerability in Linux Kernel In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | 4.6 |