Vulnerabilities > Linux > Linux Kernel > 4.19.7

DATE CVE VULNERABILITY TITLE RISK
2019-03-05 CVE-2019-9213 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms.
local
low complexity
linux debian redhat opensuse canonical CWE-476
5.5
2019-02-25 CVE-2019-9162 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation.
local
low complexity
linux netapp canonical CWE-787
4.6
2019-02-22 CVE-2019-9003 Use After Free vulnerability in multiple products
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
network
low complexity
linux netapp canonical opensuse CWE-416
7.8
2019-02-22 CVE-2018-20784 Infinite Loop vulnerability in multiple products
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
network
low complexity
linux canonical redhat CWE-835
7.5
2019-02-21 CVE-2019-8980 Memory Leak vulnerability in multiple products
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
network
low complexity
linux canonical opensuse debian CWE-401
7.5
2019-02-18 CVE-2019-8912 Use After Free vulnerability in multiple products
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
local
low complexity
linux redhat canonical opensuse CWE-416
7.2
2019-02-15 CVE-2019-6974 Use After Free vulnerability in multiple products
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
network
high complexity
linux debian canonical f5 redhat CWE-416
8.1
2019-02-01 CVE-2019-7308 Numeric Errors vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
local
high complexity
linux canonical opensuse CWE-189
5.6
2019-01-29 CVE-2018-16880 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver.
local
high complexity
linux canonical CWE-787
7.0
2019-01-25 CVE-2019-3819 Infinite Loop vulnerability in multiple products
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace.
local
low complexity
linux debian canonical opensuse CWE-835
4.9