Vulnerabilities > Linux > Linux Kernel > 4.14.177

DATE CVE VULNERABILITY TITLE RISK
2019-11-18 CVE-2019-19046 Memory Leak vulnerability in multiple products
A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20.
network
low complexity
linux fedoraproject opensuse CWE-401
6.5
2019-11-18 CVE-2019-19045 Memory Leak vulnerability in multiple products
A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.
local
low complexity
linux canonical opensuse CWE-401
4.9
2019-11-14 CVE-2019-0145 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
local
low complexity
intel linux CWE-120
7.8
2019-11-14 CVE-2019-18885 NULL Pointer Dereference vulnerability in Linux Kernel
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
local
low complexity
linux CWE-476
2.1
2019-11-07 CVE-2019-18807 Memory Leak vulnerability in Linux Kernel
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11.
network
low complexity
linux CWE-401
5.0
2019-11-07 CVE-2019-18806 Memory Leak vulnerability in Linux Kernel
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.
local
low complexity
linux CWE-401
2.1
2019-11-06 CVE-2019-18786 Use of Uninitialized Resource vulnerability in multiple products
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.
local
low complexity
linux canonical CWE-908
2.1
2019-10-08 CVE-2019-17351 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.
local
low complexity
xen linux CWE-770
4.9
2019-10-01 CVE-2019-17056 Incorrect Default Permissions vulnerability in Linux Kernel
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
local
low complexity
linux CWE-276
3.3
2019-10-01 CVE-2019-17055 Missing Authorization vulnerability in multiple products
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
3.3