Vulnerabilities > Linux > Linux Kernel > 4.9.167

DATE CVE VULNERABILITY TITLE RISK
2019-12-12 CVE-2019-19767 Use After Free vulnerability in Linux Kernel
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
local
low complexity
linux CWE-416
5.5
2019-12-08 CVE-2019-19448 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
local
low complexity
linux debian canonical netapp CWE-416
7.8
2019-12-08 CVE-2019-19447 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
local
low complexity
linux netapp CWE-416
7.8
2019-12-05 CVE-2019-19602 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
local
low complexity
linux canonical CWE-119
6.1
2019-12-03 CVE-2019-19543 Use After Free vulnerability in Linux Kernel
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
local
low complexity
linux CWE-416
7.8
2019-12-03 CVE-2019-19537 Race Condition vulnerability in Linux Kernel
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9.
high complexity
linux CWE-362
4.2
2019-12-03 CVE-2019-19536 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
low complexity
linux debian opensuse CWE-909
4.6
2019-12-03 CVE-2019-19535 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
4.6
2019-12-03 CVE-2019-19534 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
low complexity
linux debian canonical CWE-909
2.4
2019-12-03 CVE-2019-19533 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
low complexity
linux CWE-772
2.4