Vulnerabilities > Linux > Linux Kernel > 2.6.25.10

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-7221 Use After Free vulnerability in multiple products
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
7.8
2019-03-21 CVE-2018-19985 Out-of-bounds Read vulnerability in multiple products
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
low complexity
linux debian netapp CWE-125
4.6
2019-02-01 CVE-2019-7308 Numeric Errors vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
local
high complexity
linux canonical opensuse CWE-189
5.6
2019-02-01 CVE-2016-10741 Race Condition vulnerability in multiple products
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.
local
high complexity
linux debian CWE-362
4.7
2019-01-31 CVE-2017-18360 Divide By Zero vulnerability in multiple products
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
local
low complexity
linux canonical CWE-369
5.5
2019-01-07 CVE-2019-5489 Cleartext Transmission of Sensitive Information vulnerability in multiple products
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information.
local
low complexity
linux netapp CWE-319
5.5
2019-01-03 CVE-2019-3701 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13.
local
low complexity
linux debian canonical CWE-787
4.4
2018-12-27 CVE-2018-20511 Information Exposure vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.18.11.
local
low complexity
linux debian CWE-200
5.5
2018-12-12 CVE-2018-18397 Incorrect Authorization vulnerability in multiple products
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
local
low complexity
linux redhat canonical CWE-863
5.5
2018-12-06 CVE-2018-9568 Incorrect Type Conversion or Cast vulnerability in multiple products
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion.
local
low complexity
google canonical redhat linux CWE-704
7.8