CVE-2019-3701
- EPSS 0.7%
- Veröffentlicht 03.01.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:21
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_AD...
CVE-2018-20511
- EPSS 0.45%
- Veröffentlicht 27.12.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:38
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next f...
- EPSS 1.46%
- Veröffentlicht 18.12.2018 22:29:04
- Zuletzt bearbeitet 21.11.2024 03:53:31
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container ...
CVE-2018-20169
- EPSS 0.59%
- Veröffentlicht 17.12.2018 07:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:00
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVE-2018-18397
- EPSS 0.51%
- Veröffentlicht 12.12.2018 10:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:52
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that fil...
CVE-2018-9517
- EPSS 0.42%
- Veröffentlicht 07.12.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:15:37
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: A...
CVE-2018-9518
- EPSS 0.26%
- Veröffentlicht 07.12.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:15:37
In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploi...
CVE-2018-9568
- EPSS 0.72%
- Veröffentlicht 06.12.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 04:15:43
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...
CVE-2018-19854
- EPSS 0.43%
- Veröffentlicht 04.12.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:41
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sens...
CVE-2018-19824
- EPSS 0.56%
- Veröffentlicht 03.12.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:37
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.