Vulnerabilities > Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-22 | CVE-2019-19922 | Resource Exhaustion vulnerability in multiple products kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. | 5.5 |
| 2019-12-17 | CVE-2019-19815 | NULL Pointer Dereference vulnerability in Linux Kernel 5.0.21 In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. | 5.5 |
| 2019-12-17 | CVE-2019-19813 | Use After Free vulnerability in multiple products In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. | 5.5 |
| 2019-12-12 | CVE-2019-19769 | Use After Free vulnerability in multiple products In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | 6.7 |
| 2019-12-12 | CVE-2019-19767 | Use After Free vulnerability in Linux Kernel The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. | 5.5 |
| 2019-12-05 | CVE-2019-19602 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc. | 6.1 |
| 2019-12-03 | CVE-2019-19537 | Race Condition vulnerability in Linux Kernel In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. | 4.2 |
| 2019-12-03 | CVE-2019-19536 | Missing Initialization of Resource vulnerability in multiple products In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. | 4.6 |
| 2019-12-03 | CVE-2019-19535 | Missing Initialization of Resource vulnerability in multiple products In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. | 4.6 |
| 2019-12-03 | CVE-2019-19532 | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. | 6.8 |