Vulnerabilities > Linux > Linux Kernel > 4.19.54

DATE CVE VULNERABILITY TITLE RISK
2019-01-25 CVE-2019-3819 Infinite Loop vulnerability in multiple products
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace.
local
low complexity
linux debian canonical opensuse CWE-835
4.9
2018-12-17 CVE-2018-20169 Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.19.9.
low complexity
linux canonical debian CWE-400
6.8
2018-10-08 CVE-2018-14656 Improper Input Validation vulnerability in Linux Kernel
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.
local
low complexity
linux CWE-20
5.5
2018-07-26 CVE-2018-10878 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
canonical linux debian redhat CWE-787
7.8
2018-05-21 CVE-2018-1108 Use of Insufficiently Random Values vulnerability in multiple products
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data.
network
high complexity
linux canonical debian CWE-330
5.9
2018-04-11 CVE-2018-10021 Unspecified vulnerability in Linux Kernel
drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions.
local
low complexity
linux
5.5
2017-04-24 CVE-2010-5321 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761.
low complexity
linux CWE-772
4.3
2017-03-03 CVE-2015-2877 Information Exposure vulnerability in multiple products
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack.
local
low complexity
linux redhat CWE-200
3.3
2016-10-10 CVE-2015-8955 Permissions, Privileges, and Access Controls vulnerability in multiple products
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
local
low complexity
linux google CWE-264
7.3
2016-05-09 CVE-2015-0571 Missing Authorization vulnerability in Linux Kernel
The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.
network
linux CWE-862
critical
9.3