Vulnerabilities > Linux > Linux Kernel > 5.3

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2019-20422 Improper Handling of Exceptional Conditions vulnerability in Linux Kernel
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.
local
low complexity
linux CWE-755
2.1
2020-01-16 CVE-2019-18282 Use of Insufficiently Random Values vulnerability in multiple products
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f.
network
low complexity
linux debian netapp CWE-330
5.0
2020-01-09 CVE-2019-19332 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor.
local
low complexity
linux redhat CWE-787
6.1
2019-12-25 CVE-2019-19965 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
1.9
2019-12-24 CVE-2019-19947 Use of Uninitialized Resource vulnerability in multiple products
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
4.6
2019-12-23 CVE-2019-5108 Improper Authentication vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3.
3.3
2019-12-22 CVE-2019-19922 Resource Exhaustion vulnerability in multiple products
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1.
local
low complexity
linux debian canonical oracle netapp CWE-400
5.5
2019-12-17 CVE-2019-19241 Unspecified vulnerability in Linux Kernel
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709.
local
low complexity
linux
4.6
2019-12-15 CVE-2019-19807 Use After Free vulnerability in multiple products
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5.
local
low complexity
linux canonical CWE-416
7.8
2019-12-12 CVE-2019-19769 Use After Free vulnerability in multiple products
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
local
low complexity
linux fedoraproject CWE-416
6.7