Vulnerabilities > Linux > Linux Kernel > 5.2.15

DATE CVE VULNERABILITY TITLE RISK
2019-11-07 CVE-2019-18807 Memory Leak vulnerability in Linux Kernel
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11.
network
low complexity
linux CWE-401
5.0
2019-11-07 CVE-2019-18806 Memory Leak vulnerability in Linux Kernel
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.
local
low complexity
linux CWE-401
2.1
2019-11-06 CVE-2019-18786 Use of Uninitialized Resource vulnerability in multiple products
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.
local
low complexity
linux canonical CWE-908
2.1
2019-11-04 CVE-2019-18683 Use After Free vulnerability in multiple products
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8.
7.0
2019-10-04 CVE-2019-17133 Classic Buffer Overflow vulnerability in multiple products
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
network
low complexity
linux debian canonical opensuse CWE-120
critical
9.8
2019-10-01 CVE-2019-17075 Unspecified vulnerability in Linux Kernel
An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2.
network
low complexity
linux
7.5
2019-10-01 CVE-2019-17056 Incorrect Default Permissions vulnerability in Linux Kernel
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
local
low complexity
linux CWE-276
3.3
2019-10-01 CVE-2019-17055 Missing Authorization vulnerability in multiple products
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
3.3
2019-10-01 CVE-2019-17054 Incorrect Default Permissions vulnerability in Linux Kernel
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.
local
low complexity
linux CWE-276
3.3
2019-10-01 CVE-2019-17053 Incorrect Default Permissions vulnerability in Linux Kernel
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
local
low complexity
linux CWE-276
3.3