Linux

Linux Kernel

12214 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-19767

Exploit
  • EPSS 0.38%
  • Veröffentlicht 12.12.2019 20:15:17
  • Zuletzt bearbeitet 21.11.2024 04:35:20

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.

7.5

CVE-2019-19768

  • EPSS 1.25%
  • Veröffentlicht 12.12.2019 20:15:17
  • Zuletzt bearbeitet 21.11.2024 04:35:20

In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).

6.7

CVE-2019-19769

  • EPSS 0.31%
  • Veröffentlicht 12.12.2019 20:15:17
  • Zuletzt bearbeitet 21.11.2024 04:35:20

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

8.2

CVE-2019-19770

Exploit
  • EPSS 1.12%
  • Veröffentlicht 12.12.2019 20:15:17
  • Zuletzt bearbeitet 21.11.2024 04:35:21

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as deb...

7.4

CVE-2019-14899

  • EPSS 0.06%
  • Veröffentlicht 11.12.2019 15:15:14
  • Zuletzt bearbeitet 21.11.2024 04:27:38

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiti...

7.8

CVE-2019-19448

Exploit
  • EPSS 0.2%
  • Veröffentlicht 08.12.2019 02:15:09
  • Zuletzt bearbeitet 21.11.2024 04:34:45

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer...

7.8

CVE-2019-19449

Exploit
  • EPSS 0.39%
  • Veröffentlicht 08.12.2019 02:15:09
  • Zuletzt bearbeitet 21.11.2024 04:34:45

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get...

7.8

CVE-2019-19447

Exploit
  • EPSS 1.23%
  • Veröffentlicht 08.12.2019 01:15:10
  • Zuletzt bearbeitet 21.11.2024 04:34:45

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

6.1

CVE-2019-19602

Exploit
  • EPSS 0.03%
  • Veröffentlicht 05.12.2019 14:15:09
  • Zuletzt bearbeitet 21.11.2024 04:35:01

fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of i...

7.8

CVE-2019-19543

  • EPSS 0.1%
  • Veröffentlicht 03.12.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:34:56

In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.