Vulnerabilities > Linux > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-22 CVE-2019-9003 Use After Free vulnerability in multiple products
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
network
low complexity
linux netapp canonical opensuse CWE-416
7.5
2019-02-21 CVE-2019-8980 Memory Leak vulnerability in multiple products
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
network
low complexity
linux canonical opensuse debian CWE-401
7.5
2019-02-18 CVE-2019-8912 Use After Free vulnerability in multiple products
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
local
low complexity
linux redhat canonical opensuse CWE-416
7.8
2019-02-15 CVE-2019-6974 Use After Free vulnerability in multiple products
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
network
high complexity
linux debian canonical f5 redhat CWE-416
8.1
2019-01-29 CVE-2018-16880 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver.
local
high complexity
linux canonical CWE-787
7.0
2019-01-03 CVE-2018-16882 Use After Free vulnerability in multiple products
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled.
local
low complexity
linux canonical CWE-416
8.8
2018-12-18 CVE-2018-16884 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel's NFS41+ subsystem.
8.0
2018-12-06 CVE-2018-9568 Incorrect Type Conversion or Cast vulnerability in multiple products
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion.
local
low complexity
google canonical redhat linux CWE-704
7.8
2018-12-03 CVE-2018-19824 Use After Free vulnerability in multiple products
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
local
low complexity
linux canonical debian CWE-416
7.8
2018-11-16 CVE-2018-18955 Incorrect Authorization vulnerability in multiple products
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges.
local
high complexity
linux canonical CWE-863
7.0