Vulnerabilities > Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-30 | CVE-2018-20509 | Information Exposure vulnerability in Linux Kernel 4.14.90 The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file. | 5.5 |
| 2019-04-29 | CVE-2019-11599 | Improper Locking vulnerability in Linux Kernel The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. | 7.0 |
| 2019-04-25 | CVE-2019-3900 | An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). | 7.7 |
| 2019-04-24 | CVE-2019-3882 | A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. | 5.5 |
| 2019-04-23 | CVE-2019-11487 | Use After Free vulnerability in multiple products The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. | 7.8 |
| 2019-04-23 | CVE-2019-11486 | Race Condition vulnerability in multiple products The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. | 7.0 |
| 2019-04-23 | CVE-2013-7470 | Resource Exhaustion vulnerability in Linux Kernel cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. | 5.9 |
| 2019-04-22 | CVE-2019-3901 | A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. | 4.7 |
| 2019-04-12 | CVE-2019-11191 | Race Condition vulnerability in Linux Kernel The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. | 2.5 |
| 2019-04-12 | CVE-2019-11190 | Race Condition vulnerability in Linux Kernel The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. | 4.7 |