Vulnerabilities > Linux

DATE CVE VULNERABILITY TITLE RISK
2019-11-07 CVE-2019-18807 Memory Leak vulnerability in Linux Kernel
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11.
network
low complexity
linux CWE-401
7.5
2019-11-07 CVE-2019-18806 Memory Leak vulnerability in Linux Kernel
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.
local
low complexity
linux CWE-401
5.5
2019-11-07 CVE-2019-18805 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11.
network
low complexity
linux opensuse redhat netapp broadcom CWE-190
critical
9.8
2019-11-06 CVE-2014-3180 Out-of-bounds Read vulnerability in multiple products
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read.
network
low complexity
linux google CWE-125
critical
9.1
2019-11-06 CVE-2019-18786 Use of Uninitialized Resource vulnerability in multiple products
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.
local
low complexity
linux canonical CWE-908
5.5
2019-11-04 CVE-2019-18683 Use After Free vulnerability in multiple products
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8.
7.0
2019-11-04 CVE-2019-18680 NULL Pointer Dereference vulnerability in Linux Kernel
An issue was discovered in the Linux kernel 4.4.x before 4.4.195.
network
low complexity
linux CWE-476
7.5
2019-10-18 CVE-2019-18198 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
local
low complexity
linux canonical CWE-772
7.8
2019-10-17 CVE-2019-17666 Classic Buffer Overflow vulnerability in multiple products
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
low complexity
linux debian canonical CWE-120
8.8
2019-10-08 CVE-2019-17351 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.
local
low complexity
xen linux CWE-770
6.5