4.14.118

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-10	CVE-2020-25220	Use After Free vulnerability in Linux Kernel The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. local low complexity linux CWE-416	7.2
2020-09-09	CVE-2020-25212	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. local linux debian opensuse canonical CWE-367	4.4
2020-09-09	CVE-2020-25211	Classic Buffer Overflow vulnerability in multiple products In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. local low complexity linux debian fedoraproject CWE-120	6.0
2020-09-03	CVE-2020-10720	Use After Free vulnerability in Linux Kernel A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. local low complexity linux CWE-416	4.9
2020-08-19	CVE-2020-14356	NULL Pointer Dereference vulnerability in multiple products A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. local low complexity linux redhat opensuse debian canonical netapp CWE-476	7.8
2020-08-19	CVE-2020-24394	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. local low complexity linux canonical opensuse oracle starwindsoftware CWE-732	7.1
2020-07-30	CVE-2020-16166	Use of Insufficiently Random Values vulnerability in multiple products The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. network high complexity linux opensuse fedoraproject debian canonical netapp oracle CWE-330	3.7
2020-07-15	CVE-2020-15780	Missing Authorization vulnerability in multiple products An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. local low complexity linux opensuse canonical CWE-862	7.2
2020-07-15	CVE-2019-20908	Improper Privilege Management vulnerability in multiple products An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. local linux opensuse canonical CWE-269	6.9
2020-07-13	CVE-2019-19338	Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. linux redhat CWE-203	2.1