Vulnerabilities > Linux > Linux Kernel > 4.14.118

DATE CVE VULNERABILITY TITLE RISK
2019-10-01 CVE-2019-17052 Incorrect Default Permissions vulnerability in multiple products
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
local
low complexity
linux debian fedoraproject canonical CWE-276
3.3
2019-09-30 CVE-2019-16994 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
4.7
2019-09-27 CVE-2019-16921 Improper Initialization vulnerability in Linux Kernel
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.
network
low complexity
linux CWE-665
5.0
2019-09-24 CVE-2019-16746 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17.
network
low complexity
linux debian canonical fedoraproject opensuse CWE-120
critical
9.8
2019-09-20 CVE-2019-14816 Heap-based Buffer Overflow vulnerability in multiple products
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
7.8
2019-09-20 CVE-2019-14814 Heap-based Buffer Overflow vulnerability in multiple products
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
7.8
2019-09-19 CVE-2019-14821 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation.
8.8
2019-09-19 CVE-2019-16413 Infinite Loop vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 5.0.4.
network
low complexity
linux CWE-835
7.5
2019-09-17 CVE-2019-14835 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration.
7.8
2019-09-13 CVE-2019-15031 Information Exposure vulnerability in multiple products
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt.
local
low complexity
linux canonical opensuse redhat CWE-200
3.6