Vulnerabilities > Linux > Linux Kernel > 4.4.38

DATE CVE VULNERABILITY TITLE RISK
2019-04-11 CVE-2019-3460 Improper Input Validation vulnerability in multiple products
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
6.5
2019-04-11 CVE-2019-3459 Out-of-bounds Read vulnerability in multiple products
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
6.5
2019-03-21 CVE-2019-9857 Memory Leak vulnerability in Linux Kernel
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak).
local
low complexity
linux CWE-401
5.5
2019-03-21 CVE-2019-7222 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. 5.5
2019-03-21 CVE-2019-7221 Use After Free vulnerability in multiple products
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
7.8
2019-03-21 CVE-2018-19985 Out-of-bounds Read vulnerability in multiple products
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
low complexity
linux debian netapp CWE-125
4.6
2019-02-15 CVE-2019-6974 Use After Free vulnerability in multiple products
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
network
high complexity
linux debian canonical f5 redhat CWE-416
8.1
2019-02-01 CVE-2019-7308 Numeric Errors vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
local
high complexity
linux canonical opensuse CWE-189
5.6
2019-02-01 CVE-2016-10741 Race Condition vulnerability in multiple products
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.
local
high complexity
linux debian CWE-362
4.7
2019-01-31 CVE-2017-18360 Divide By Zero vulnerability in multiple products
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
local
low complexity
linux canonical CWE-369
5.5