Vulnerabilities > Linux > Linux Kernel > 4.4.74

DATE CVE VULNERABILITY TITLE RISK
2019-10-01 CVE-2019-17053 Incorrect Default Permissions vulnerability in Linux Kernel
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
local
low complexity
linux CWE-276
3.3
2019-10-01 CVE-2019-17052 Incorrect Default Permissions vulnerability in multiple products
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
local
low complexity
linux debian fedoraproject canonical CWE-276
3.3
2019-09-30 CVE-2019-16995 Memory Leak vulnerability in multiple products
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
network
low complexity
linux opensuse netapp CWE-401
7.5
2019-09-30 CVE-2019-16994 Memory Leak vulnerability in multiple products
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
local
high complexity
linux redhat opensuse CWE-401
4.7
2019-09-27 CVE-2019-16921 Improper Initialization vulnerability in Linux Kernel
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.
network
low complexity
linux CWE-665
7.5
2019-09-24 CVE-2019-16746 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17.
network
low complexity
linux debian canonical fedoraproject opensuse CWE-120
critical
9.8
2019-09-23 CVE-2019-16714 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.
network
low complexity
linux canonical f5 CWE-909
7.5
2019-09-20 CVE-2019-14816 There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. 7.8
2019-09-20 CVE-2019-14814 There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
local
low complexity
linux redhat debian canonical opensuse netapp
7.8
2019-09-19 CVE-2019-14821 An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. 8.8