Vulnerabilities > Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-28 | CVE-2019-19318 | Use After Free vulnerability in multiple products In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, | 4.4 |
| 2019-11-27 | CVE-2019-19319 | Use After Free vulnerability in multiple products In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. | 6.5 |
| 2019-11-27 | CVE-2019-18660 | Information Exposure vulnerability in multiple products The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. | 4.7 |
| 2019-11-25 | CVE-2019-10207 | Unspecified vulnerability in Linux Kernel A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. | 5.5 |
| 2019-11-22 | CVE-2019-19227 | NULL Pointer Dereference vulnerability in Linux Kernel In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. | 5.5 |
| 2019-11-21 | CVE-2019-19037 | NULL Pointer Dereference vulnerability in Linux Kernel ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. | 5.5 |
| 2019-11-21 | CVE-2019-19039 | Information Exposure Through Log Files vulnerability in multiple products __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. | 5.5 |
| 2019-11-21 | CVE-2019-19036 | NULL Pointer Dereference vulnerability in Linux Kernel btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. | 5.5 |
| 2019-11-18 | CVE-2019-19083 | Memory Leak vulnerability in multiple products Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). | 4.7 |
| 2019-11-18 | CVE-2019-19082 | Memory Leak vulnerability in multiple products Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). | 4.7 |