Vulnerabilities > Linux > Linux Kernel > 3.18.48

DATE CVE VULNERABILITY TITLE RISK
2020-05-09 CVE-2020-12768 Memory Leak vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.6.
local
low complexity
linux canonical debian CWE-401
5.5
2020-05-08 CVE-2020-10690 Use After Free vulnerability in multiple products
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation.
6.4
2020-05-05 CVE-2020-12657 Use After Free vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 5.6.5.
local
low complexity
linux CWE-416
4.6
2020-05-05 CVE-2020-12656 Memory Leak vulnerability in multiple products
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak.
local
low complexity
linux canonical opensuse CWE-401
5.5
2020-05-05 CVE-2020-12655 Infinite Loop vulnerability in Linux Kernel
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.
local
low complexity
linux CWE-835
5.5
2020-05-05 CVE-2020-12653 Out-of-bounds Write vulnerability in multiple products
An issue was found in Linux kernel before 5.5.4.
local
low complexity
linux opensuse debian netapp CWE-787
4.6
2020-05-05 CVE-2020-12654 Out-of-bounds Write vulnerability in Linux Kernel
An issue was found in Linux kernel before 5.5.4.
high complexity
linux CWE-787
4.3
2020-05-05 CVE-2020-12652 Race Condition vulnerability in Linux Kernel
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a.
local
linux CWE-362
4.7
2020-04-29 CVE-2020-12464 Use After Free vulnerability in multiple products
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.
local
low complexity
linux netapp CWE-416
6.7
2020-04-12 CVE-2020-11725 Unspecified vulnerability in Linux Kernel
snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept.
local
low complexity
linux
7.8