Linux

Linux Kernel

12214 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2019-17054

  • EPSS 0.1%
  • Veröffentlicht 01.10.2019 14:15:46
  • Zuletzt bearbeitet 21.11.2024 04:31:36

atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.

3.3

CVE-2019-17053

  • EPSS 0.1%
  • Veröffentlicht 01.10.2019 14:15:42
  • Zuletzt bearbeitet 21.11.2024 04:31:36

ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.

3.3

CVE-2019-17052

  • EPSS 0.09%
  • Veröffentlicht 01.10.2019 14:15:40
  • Zuletzt bearbeitet 21.11.2024 04:31:36

ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.

4.7

CVE-2019-16994

Exploit
  • EPSS 0.08%
  • Veröffentlicht 30.09.2019 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:31:30

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

7.8

CVE-2019-16995

Exploit
  • EPSS 2%
  • Veröffentlicht 30.09.2019 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:31:30

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

7.5

CVE-2019-16921

  • EPSS 0.27%
  • Veröffentlicht 27.09.2019 13:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:20

In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425...

9.8

CVE-2019-16746

  • EPSS 2.6%
  • Veröffentlicht 24.09.2019 06:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:06

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

7.5

CVE-2019-16714

  • EPSS 1.12%
  • Veröffentlicht 23.09.2019 12:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:02

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

7.8

CVE-2019-14814

Exploit
  • EPSS 0.25%
  • Veröffentlicht 20.09.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:24

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8

CVE-2019-14816

Exploit
  • EPSS 0.23%
  • Veröffentlicht 20.09.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:25

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.