Vulnerabilities > Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-24 | CVE-2019-15793 | Incorrect Default Permissions vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. | 8.8 |
| 2020-04-24 | CVE-2019-15792 | Type Confusion vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". | 7.8 |
| 2020-04-24 | CVE-2019-15791 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. | 7.8 |
| 2020-04-12 | CVE-2020-11725 | Unspecified vulnerability in Linux Kernel snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. | 7.8 |
| 2020-04-10 | CVE-2020-11669 | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. | 5.5 |
| 2020-04-09 | CVE-2020-8834 | Race Condition vulnerability in multiple products KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. | 6.5 |
| 2020-04-09 | CVE-2020-11668 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | 7.1 |
| 2020-04-08 | CVE-2019-20636 | Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | 6.7 |
| 2020-04-07 | CVE-2020-11609 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. | 4.3 |
| 2020-04-07 | CVE-2020-11608 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.6.1. | 4.3 |