4.19.3

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-25	CVE-2019-9162	Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. local low complexity linux netapp canonical CWE-787	4.6
2019-02-22	CVE-2019-9003	Use After Free vulnerability in multiple products In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. network low complexity linux netapp canonical opensuse CWE-416	7.8
2019-02-22	CVE-2018-20784	Infinite Loop vulnerability in multiple products In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. network low complexity linux canonical redhat CWE-835	7.5
2019-02-21	CVE-2019-8980	Memory Leak vulnerability in multiple products A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. network low complexity linux canonical opensuse debian CWE-401	7.5
2019-02-18	CVE-2019-8912	Use After Free vulnerability in multiple products In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. local low complexity linux redhat canonical opensuse CWE-416	7.2
2019-02-15	CVE-2019-6974	Use After Free vulnerability in multiple products In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. network high complexity linux debian canonical f5 redhat CWE-416	8.1
2019-02-01	CVE-2019-7308	Numeric Errors vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. local high complexity linux canonical opensuse CWE-189	5.6
2019-01-29	CVE-2018-16880	Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. local high complexity linux canonical CWE-787	7.0
2019-01-25	CVE-2019-3819	Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. local low complexity linux debian canonical opensuse CWE-835	4.9
2019-01-07	CVE-2019-5489	Cleartext Transmission of Sensitive Information vulnerability in multiple products The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. local low complexity linux netapp CWE-319	2.1