Filtered by vendor Linux
Subscribe
Total
10566 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8956 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | |||||
| CVE-2019-15927 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | |||||
| CVE-2018-10675 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. | |||||
| CVE-2018-10901 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. | |||||
| CVE-2018-14619 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges. | |||||
| CVE-2017-2636 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-24 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
| CVE-2021-29266 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. | |||||
| CVE-2020-14356 | 6 Canonical, Debian, Linux and 3 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
| CVE-2019-18675 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation. | |||||
| CVE-2020-13974 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. | |||||
| CVE-2019-0145 | 2 Intel, Linux | 14 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 11 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-36387 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. | |||||
| CVE-2017-9074 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. | |||||
| CVE-2017-9076 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | |||||
| CVE-2017-9075 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | |||||
| CVE-2017-9077 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | |||||
| CVE-2017-9985 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | |||||
| CVE-2017-9984 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | |||||
| CVE-2018-11506 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | |||||
| CVE-2018-13406 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | |||||