Vulnerabilities in The Linux Foundation

19 results

CVE-2018-14634HIGHAn integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otEPSS 14.8%KEV CVE-2018-14633HIGHA security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication EPSS 8.7%CVE-2019-1010245—The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attackEPSS 3.6%CVE-2018-14641MEDIUMA security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive,EPSS 2.9%CVE-2019-3874MEDIUMThe SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a dEPSS 1.8%CVE-2019-1010234—The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any EPSS 1.7%CVE-2019-1010249—The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can instaEPSS 1.1%CVE-2019-1010252—The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can EPSS 1.1%CVE-2019-1010250—The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can EPSS 1.1%CVE-2018-16880MEDIUMA flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions,EPSS 0.6%CVE-2019-3882MEDIUMA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device iEPSS 0.5%CVE-2019-3819MEDIUMA flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite looEPSS 0.5%CVE-2018-16885MEDIUMA flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buEPSS 0.4%CVE-2019-3896HIGHA double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw fEPSS 0.4%CVE-2018-16882MEDIUMA use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is EPSS 0.4%CVE-2019-3887MEDIUMA flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. InEPSS 0.4%CVE-2020-10751MEDIUMA flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would onlEPSS 0.3%CVE-2019-3901MEDIUMA race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particulaEPSS 0.3%CVE-2019-3837MEDIUMIt was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threEPSS 0.2%