Linux: >> Linux Kernel >> 2.1.64 Security Vulnerabilities
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-04-11
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-04-11
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-03-21
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-03-21
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-03-21
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
CVSS Score
4.6
EPSS Score
0.0
Published
2019-03-21
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
CVSS Score
5.6
EPSS Score
0.0
Published
2019-02-01
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.
CVSS Score
4.7
EPSS Score
0.001
Published
2019-02-01
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-01-31
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-01-07