Vulnerabilities > Linux > Linux Kernel > 4.14.42

DATE CVE VULNERABILITY TITLE RISK
2019-12-22 CVE-2019-19922 Resource Exhaustion vulnerability in multiple products
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1.
local
low complexity
linux debian canonical oracle netapp CWE-400
5.5
2019-12-17 CVE-2019-19241 Unspecified vulnerability in Linux Kernel
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709.
local
low complexity
linux
4.6
2019-12-17 CVE-2019-19816 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
local
low complexity
linux canonical debian netapp CWE-787
7.8
2019-12-12 CVE-2019-19770 Use After Free vulnerability in Linux Kernel
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file).
network
low complexity
linux CWE-416
8.2
2019-12-12 CVE-2019-19769 Use After Free vulnerability in multiple products
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
local
low complexity
linux fedoraproject CWE-416
6.7
2019-12-12 CVE-2019-19767 Use After Free vulnerability in Linux Kernel
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
network
linux CWE-416
4.3
2019-12-08 CVE-2019-19448 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
local
low complexity
linux debian canonical netapp CWE-416
7.8
2019-12-08 CVE-2019-19447 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
local
low complexity
linux netapp CWE-416
7.8
2019-12-05 CVE-2019-19602 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
5.4
2019-12-03 CVE-2019-19543 Use After Free vulnerability in Linux Kernel
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
local
low complexity
linux CWE-416
4.6