Download
| Alert*
|
oval:org.secpod.oval:def:605035
linux-image-4.19 is installed oval:org.secpod.oval:def:604544 linux-image-4.19 is installed oval:org.secpod.oval:def:2003557 fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. oval:org.secpod.oval:def:2003559 The Direct Rendering Manager subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager objects, which allows context-dependent attackers to cause a denial of service via an application that processes graphics data, as demonstrated by JavaScript code that creates ... oval:org.secpod.oval:def:2003555 None oval:org.secpod.oval:def:2004137 In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008 oval:org.secpod.oval:def:2003630 In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1 ... oval:org.secpod.oval:def:2003635 In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. oval:org.secpod.oval:def:2003558 None oval:org.secpod.oval:def:2003642 In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for explo ... oval:org.secpod.oval:def:2003561 Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. oval:org.secpod.oval:def:2004139 In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A- ... oval:org.secpod.oval:def:2004142 In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A- ... oval:org.secpod.oval:def:2003599 A memory leak in the ql_alloc_large_buffers function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service by triggering pci_dma_mapping_error failures, aka CID-1acb8f2a7a9f. oval:org.secpod.oval:def:2003579 An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info- oval:org.secpod.oval:def:2003594 An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. oval:org.secpod.oval:def:2003816 A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. oval:org.secpod.oval:def:2003644 In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ... oval:org.secpod.oval:def:2003638 In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. oval:org.secpod.oval:def:2003600 An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse fails in aa_audit_rule_init in security/apparmor/audit.c. oval:org.secpod.oval:def:2004140 In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ... oval:org.secpod.oval:def:2004132 This CVE is missing description oval:org.secpod.oval:def:2004136 In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 oval:org.secpod.oval:def:2003593 An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write properly, which causes an i_size_read infinite loop and denial of service on SMP systems. oval:org.secpod.oval:def:2003584 An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. oval:org.secpod.oval:def:2004113 In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ... oval:org.secpod.oval:def:88371 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escala ... oval:org.secpod.oval:def:608638 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escala ... oval:org.secpod.oval:def:79852 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-29374 Jann Horn of Google reported a flaw in Linux"s virtual memory management. A parent and child process initially share all their memory, but ... oval:org.secpod.oval:def:2003665 An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. oval:org.secpod.oval:def:606192 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-29374 Jann Horn of Google reported a flaw in Linux"s virtual memory management. A parent and child process initially share all their memory, but ... oval:org.secpod.oval:def:69861 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-27815 A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of s ... oval:org.secpod.oval:def:2003817 A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. oval:org.secpod.oval:def:69820 Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks. CVE-2020-12351 Andy Nguyen discovered a flaw in the Bluetooth implementation in the way L2CAP packets with A2MP CID are han ... oval:org.secpod.oval:def:605419 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-27815 A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of s ... oval:org.secpod.oval:def:2003656 The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security imp ... oval:org.secpod.oval:def:2003658 An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. oval:org.secpod.oval:def:2003657 An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. oval:org.secpod.oval:def:2003659 An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. oval:org.secpod.oval:def:2003661 An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. oval:org.secpod.oval:def:2003663 ** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it"s a one-time leak at the boot, the size is negligible, and it can"t be triggered at will. oval:org.secpod.oval:def:2003662 An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write because of a lack of headroom validation. oval:org.secpod.oval:def:2003645 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a process allocates a ptp device file and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exp ... oval:org.secpod.oval:def:2003647 A flaw was found in the Linux kernel"s implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. oval:org.secpod.oval:def:2003654 usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. oval:org.secpod.oval:def:2003653 A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service by corrupting a mountpoint reference counter. oval:org.secpod.oval:def:2003602 btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference oval:org.secpod.oval:def:2004129 In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 oval:org.secpod.oval:def:2004130 In the Linux kernel before 5.4.16, a race condition in tty- oval:org.secpod.oval:def:2004131 A stack information leak flaw was found in s390/s390x in the Linux kernels memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data. oval:org.secpod.oval:def:2004138 ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service via a crafted journal size. oval:org.secpod.oval:def:2003666 An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. oval:org.secpod.oval:def:2003671 In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 , there is a use-after-free in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context. ... oval:org.secpod.oval:def:2003673 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. oval:org.secpod.oval:def:2004127 A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm"s module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read thr ... oval:org.secpod.oval:def:2003812 In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. oval:org.secpod.oval:def:2003814 A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB . The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation is available. This flaw allows a local attacker to perform a Spectre V2 style ... oval:org.secpod.oval:def:2003813 A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced wh ... oval:org.secpod.oval:def:2003815 A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being "force disabled" when it is not and opens the system to Spectre v2 attacks. The highest threat f ... oval:org.secpod.oval:def:2003818 ** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case ... oval:org.secpod.oval:def:2003664 An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. oval:org.secpod.oval:def:2004115 In the Linux kernel before 5.7.8, fs/nfsd/vfs.c can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. oval:org.secpod.oval:def:2003646 A NULL pointer dereference flaw was found in the Linux kernel"s SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option protocol"s category bitmap into the SELinux extensible bitmap via the" ebitmap_netlbl_import" routine. While processing the CI ... oval:org.secpod.oval:def:2003648 A flaw was found in the Linux kernel"s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. oval:org.secpod.oval:def:2003650 An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. oval:org.secpod.oval:def:2003651 An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. oval:org.secpod.oval:def:2003633 An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-s ... oval:org.secpod.oval:def:69816 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush featu ... oval:org.secpod.oval:def:2003625 In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. oval:org.secpod.oval:def:2003624 In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. oval:org.secpod.oval:def:2003627 In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. oval:org.secpod.oval:def:2003626 In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. oval:org.secpod.oval:def:2003628 In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. oval:org.secpod.oval:def:2003611 In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call. oval:org.secpod.oval:def:2003614 relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service by triggering a NULL alloc_percpu result. oval:org.secpod.oval:def:2003613 In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. oval:org.secpod.oval:def:2003667 A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent proc ... oval:org.secpod.oval:def:2003655 An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. oval:org.secpod.oval:def:2003811 This CVE is missing description oval:org.secpod.oval:def:2004116 This CVE is missing description oval:org.secpod.oval:def:2003652 In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c mishandles invalid descriptors, aka CID-a246b4d54770. oval:org.secpod.oval:def:2003629 In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. oval:org.secpod.oval:def:2003591 An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev fails in hci_uart_set_proto in drivers/bluetooth/hci_ldisc.c. oval:org.secpod.oval:def:2003588 In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. oval:org.secpod.oval:def:2004143 An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. oval:org.secpod.oval:def:2003672 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. oval:org.secpod.oval:def:2003674 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. oval:org.secpod.oval:def:2003675 An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. oval:org.secpod.oval:def:2003649 An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. oval:org.secpod.oval:def:604822 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2020-2732 Paulo Bonzini discovered that the KVM implementation for Intel processors did not properly handle instruction emulation for L2 guests when n ... oval:org.secpod.oval:def:2003623 In the Linux kernel 5.4.0-rc2, there is a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c . oval:org.secpod.oval:def:2003603 ** DISPUTED ** A memory leak in the __ipmi_bmc_register function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service by triggering ida_simple_get failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this beca ... oval:org.secpod.oval:def:2003605 A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service by triggering mwifiex_map_pci_memory failures, aka CID-db8fd2cde932. oval:org.secpod.oval:def:2003604 ** DISPUTED ** A memory leak in the unittest_data_add function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service by triggering of_fdt_unflatten_tree failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unitt ... oval:org.secpod.oval:def:2003607 A memory leak in the crypto_report function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service by triggering crypto_report_alg failures, aka CID-ffdde5932042. oval:org.secpod.oval:def:2003606 Two memory leaks in the mwifiex_pcie_init_evt_ring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service by triggering mwifiex_map_pci_memory failures, aka CID-d10dcb615c8e. oval:org.secpod.oval:def:2003609 A memory leak in the bfad_im_get_stats function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service by triggering bfa_port_get_stats failures, aka CID-0e62395da2bd. oval:org.secpod.oval:def:69909 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821 Matt Delco reported a race condition in KVM"s coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. A local atta ... oval:org.secpod.oval:def:2003608 Two memory leaks in the rtl_usb_probe function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service , aka CID-3f9361695113. oval:org.secpod.oval:def:2003610 In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. oval:org.secpod.oval:def:2003668 A flaw was found in the Linux kernel"s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn"t correctly routing tunneled data over the encrypted link; rather sending the data unencrypte ... oval:org.secpod.oval:def:2005171 A memory leak in the ca8210_probe function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service by triggering ca8210_get_platform_data failures, aka CID-6402939ec86e. oval:org.secpod.oval:def:2005161 A memory leak in the adis_update_scan_mode function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service , aka CID-ab612b1daf41. oval:org.secpod.oval:def:2003637 In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. oval:org.secpod.oval:def:604541 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821 Matt Delco reported a race condition in KVM"s coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. A local atta ... oval:org.secpod.oval:def:69782 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2018-12207 It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables , a guest VM may manipulate the memory ma ... oval:org.secpod.oval:def:2003622 The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. oval:org.secpod.oval:def:2003590 An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects in net/core/net-sysfs.c, which will cause denial of service. oval:org.secpod.oval:def:2003631 In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD process ... oval:org.secpod.oval:def:2003612 An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel"s KVM hypervisor handled the "KVM_GET_EMULATED_CPUID" ioctl request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the "/dev/kvm" device co ... oval:org.secpod.oval:def:2003616 In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. oval:org.secpod.oval:def:2003615 In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. oval:org.secpod.oval:def:2003618 In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. oval:org.secpod.oval:def:2003617 In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. oval:org.secpod.oval:def:2003619 In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. oval:org.secpod.oval:def:2003621 In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. oval:org.secpod.oval:def:2003620 In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. oval:org.secpod.oval:def:2003601 fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices- oval:org.secpod.oval:def:2003586 An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. oval:org.secpod.oval:def:2003578 ** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kern ... oval:org.secpod.oval:def:2003577 ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service . NOTE: The vendor disputes this issues as not being a vulnerabili ... oval:org.secpod.oval:def:69893 Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios. oval:org.secpod.oval:def:2003592 An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. oval:org.secpod.oval:def:2003587 An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. oval:org.secpod.oval:def:2003576 ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service . NOTE: This has been disputed as not an issue. oval:org.secpod.oval:def:69738 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-20836 chenxiang reported a race condition in libsas, the kernel subsystem supporting Serial Attached SCSI devices, which could lead to a use-aft ... oval:org.secpod.oval:def:69740 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8553 Jan Beulich discovered that CVE-2015-2150 was not completely addressed. If a PCI physical function is passed through to a Xen guest, the gue ... oval:org.secpod.oval:def:2003660 ** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already ... |
