Vulnerabilities > Linux > Linux Kernel > 4.14.139

DATE CVE VULNERABILITY TITLE RISK
2019-01-03 CVE-2019-3701 Out-of-bounds Write vulnerability in Linux Kernel
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13.
local
low complexity
linux debian canonical CWE-787
4.9
2018-12-27 CVE-2018-20511 Information Exposure vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 4.18.11.
local
low complexity
linux debian CWE-200
2.1
2018-12-17 CVE-2018-20169 Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.19.9.
low complexity
linux canonical debian CWE-400
6.8
2018-12-12 CVE-2018-18397 Incorrect Authorization vulnerability in multiple products
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
local
low complexity
linux redhat canonical CWE-863
2.1
2018-12-04 CVE-2018-19854 Information Exposure vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 4.19.3.
1.9
2018-12-03 CVE-2018-19824 Use After Free vulnerability in Linux Kernel
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
local
low complexity
linux canonical debian CWE-416
4.6
2018-11-21 CVE-2018-19407 NULL Pointer Dereference vulnerability in Linux Kernel
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
local
low complexity
linux canonical CWE-476
4.9
2018-11-21 CVE-2018-19406 NULL Pointer Dereference vulnerability in Linux Kernel
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
local
low complexity
linux CWE-476
4.9
2018-10-30 CVE-2018-18281 Incomplete Cleanup vulnerability in multiple products
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.
local
low complexity
linux canonical debian CWE-459
4.6
2018-10-29 CVE-2018-18710 Information Exposure vulnerability in Linux Kernel
An issue was discovered in the Linux kernel through 4.19.
local
low complexity
linux canonical debian CWE-200
2.1