Debian

Debian 11 (bullseye)

9132 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.08%
  • Veröffentlicht 27.07.2019 22:15:11
  • Zuletzt bearbeitet 21.11.2024 02:44:41

In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.

  • EPSS 2.75%
  • Veröffentlicht 27.07.2019 22:15:11
  • Zuletzt bearbeitet 21.11.2024 03:19:58

In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.

  • EPSS 0.73%
  • Veröffentlicht 26.07.2019 13:15:13
  • Zuletzt bearbeitet 21.11.2024 04:26:22

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk h...

  • EPSS 0.7%
  • Veröffentlicht 26.07.2019 13:15:13
  • Zuletzt bearbeitet 21.11.2024 04:26:22

In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make...

  • EPSS 0.46%
  • Veröffentlicht 26.07.2019 05:15:10
  • Zuletzt bearbeitet 21.11.2024 04:02:19

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

  • EPSS 0.71%
  • Veröffentlicht 26.07.2019 05:15:10
  • Zuletzt bearbeitet 21.11.2024 04:02:19

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.

  • EPSS 0.59%
  • Veröffentlicht 19.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:25:26

In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal ...

  • EPSS 0.82%
  • Veröffentlicht 17.07.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:25:24

In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.

Warnung Exploit
  • EPSS 52.2%
  • Veröffentlicht 17.07.2019 13:15:10
  • Zuletzt bearbeitet 06.11.2025 16:51:07

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with...

  • EPSS 2.57%
  • Veröffentlicht 05.07.2019 23:15:10
  • Zuletzt bearbeitet 21.11.2024 04:19:38

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to ...