Linux

Linux Kernel

14575 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-3882

  • EPSS 0.04%
  • Veröffentlicht 24.04.2019 16:29:02
  • Zuletzt bearbeitet 21.11.2024 04:42:47

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of th...

7

CVE-2019-11486

  • EPSS 0.05%
  • Veröffentlicht 23.04.2019 22:29:05
  • Zuletzt bearbeitet 21.11.2024 04:21:10

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.

7.8

CVE-2019-11487

Exploit
  • EPSS 0.11%
  • Veröffentlicht 23.04.2019 22:29:05
  • Zuletzt bearbeitet 21.11.2024 04:21:11

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs...

7.1

CVE-2013-7470

  • EPSS 1.2%
  • Veröffentlicht 23.04.2019 03:29:00
  • Zuletzt bearbeitet 21.11.2024 02:01:05

cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE...

4.7

CVE-2019-3901

  • EPSS 0.07%
  • Veröffentlicht 22.04.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:49

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target ...

4.7

CVE-2019-11190

Exploit
  • EPSS 0.01%
  • Veröffentlicht 12.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:41

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition wh...

2.5

CVE-2019-11191

Exploit
  • EPSS 0.01%
  • Veröffentlicht 12.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:42

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aou...

6.5

CVE-2019-3459

Exploit
  • EPSS 0.47%
  • Veröffentlicht 11.04.2019 16:29:02
  • Zuletzt bearbeitet 21.11.2024 04:42:05

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

6.5

CVE-2019-3460

Exploit
  • EPSS 0.47%
  • Veröffentlicht 11.04.2019 16:29:02
  • Zuletzt bearbeitet 21.11.2024 04:42:05

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

6.1

CVE-2019-3837

  • EPSS 0.09%
  • Veröffentlicht 11.04.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:39

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabl...