The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2020-36385 | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | MEDIUM | Jun 7, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2019-15219 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | Medium | Aug 22, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-15218 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. | Medium | Aug 22, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-15212 | An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | Medium | Aug 23, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-15221 | An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. | Medium | Aug 22, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-15292 | An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. | High | Aug 26, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
CVE-2019-11810 | An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | High | May 10, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
CVE-2019-15921 | An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. | Medium | Sep 5, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-15917 | An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. | High | Sep 5, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-16413 | An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | Medium | Oct 4, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
CVE-2019-15666 | An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. | HIGH | Aug 27, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-25045 | An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. | MEDIUM | Jun 7, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2019-15216 | An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. | Medium | Aug 23, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-15924 | An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. | Medium | Sep 14, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-15214 | An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c. | Medium | Aug 23, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-15916 | An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | High | Sep 5, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-12819 | An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service. | Low | Jun 18, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
CVE-2019-15927 | An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | High | Sep 5, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-12818 | An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. | Medium | Jun 18, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
CVE-2018-20836 | An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | High | May 8, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
CVE-2018-20169 | An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. | HIGH | Dec 17, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
CVE-2018-19854 | An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). | LOW | Dec 4, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
CVE-2018-20855 | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | LOW | Jul 26, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2018-20856 | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | MEDIUM | Jul 26, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2018-16658 | An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. | LOW | Sep 7, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-20511 | An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. | LOW | Dec 29, 2018 | 10.17.41.16 (Wind River Linux LTS 17) |
CVE-2018-21008 | An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. | Medium | Sep 5, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2017-18595 | An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | High | Sep 5, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2020-26147 | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. | LOW | May 11, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2020-13974 | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. | HIGH | Jun 9, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
CVE-2021-26932 | An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. | LOW | Feb 17, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2020-9383 | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. | LOW | Feb 25, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
CVE-2021-26930 | An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn\'t mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. | MEDIUM | Feb 17, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2021-26931 | An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn\'t correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. | LOW | Feb 17, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2020-26139 | An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. | MEDIUM | May 11, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
CVE-2018-7755 | An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. | LOW | Mar 8, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2019-9641 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | High | Mar 27, 2019 | 10.17.41.27 (Wind River Linux LTS 17) |
CVE-2019-9638 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | High | Mar 27, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
CVE-2019-9639 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | High | Mar 27, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
CVE-2019-9640 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | High | Mar 27, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
CVE-2022-23096 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | MEDIUM | Feb 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-23098 | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | MEDIUM | Feb 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2022-23097 | An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. | MEDIUM | Feb 9, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
CVE-2014-10402 | An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | LOW | Sep 16, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2019-20919 | An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. | MEDIUM | Sep 18, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2018-19932 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. | MEDIUM | Dec 11, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
CVE-2018-19931 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. | MEDIUM | Dec 11, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
CVE-2019-12972 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \'\\0\' character. | Medium | Jun 27, 2019 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2019-9074 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. | Medium | Mar 15, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
CVE-2019-17451 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. | MEDIUM | Oct 10, 2019 | 10.17.41.20 (Wind River Linux LTS 17) |