The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2018-16838 | A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. | MEDIUM | Mar 25, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
| CVE-2021-3621 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | HIGH | Aug 17, 2021 | 10.19.45.19 (Wind River Linux LTS 19) |
| CVE-2021-3997 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | -- | Jan 11, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2023-2861 | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | -- | Jun 12, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2020-14303 | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | MEDIUM | Jul 6, 2020 | 10.19.45.10 (Wind River Linux LTS 19) |
| CVE-2024-0443 | A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error. | -- | Jan 12, 2024 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2022-4904 | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | -- | Feb 10, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2020-1760 | A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. | MEDIUM | Apr 23, 2020 | 10.19.45.7 (Wind River Linux LTS 19) |
| CVE-2019-19338 | A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has \'TSX\' enabled. Confidentiality of data is the highest threat associated with this vulnerability. | LOW | Jul 13, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2023-3161 | A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. | -- | Jun 8, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2021-3185 | A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. | HIGH | Jan 26, 2021 | 10.19.45.16 (Wind River Linux LTS 19) |
| CVE-2020-25643 | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | HIGH | Oct 11, 2020 | 10.19.45.13 (Wind River Linux LTS 19) |
| CVE-2023-42755 | A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service. | -- | Sep 27, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-27815 | A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | MEDIUM | Dec 2, 2020 | 10.19.45.16 (Wind River Linux LTS 19) |
| CVE-2021-3653 | A flaw was found in the KVM\'s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the int_ctl field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. | MEDIUM | Aug 17, 2021 | 10.19.45.19 (Wind River Linux LTS 19) |
| CVE-2021-3656 | A flaw was found in the KVM\'s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the virt_ext field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. | HIGH | Aug 17, 2021 | 10.19.45.19 (Wind River Linux LTS 19) |
| CVE-2022-0897 | A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt\'s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | MEDIUM | Mar 25, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2020-10767 | A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. | LOW | Sep 16, 2020 | 10.19.45.10 (Wind River Linux LTS 19) |
| CVE-2020-10768 | A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being \'force disabled\' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. | LOW | Sep 16, 2020 | 10.19.45.10 (Wind River Linux LTS 19) |
| CVE-2020-10781 | A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. | MEDIUM | Sep 16, 2020 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2020-14385 | A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. | MEDIUM | Sep 16, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
| CVE-2020-14386 | A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | HIGH | Sep 9, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
| CVE-2022-2977 | A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. | -- | Sep 17, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-1016 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \'return\' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | -- | Mar 30, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2023-1078 | A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption. | -- | Feb 28, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2020-10757 | A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. | MEDIUM | Jun 13, 2020 | 10.19.45.9 (Wind River Linux LTS 19) |
| CVE-2020-14390 | A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. | MEDIUM | Sep 18, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
| CVE-2020-25645 | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | MEDIUM | Oct 20, 2020 | 10.19.45.13 (Wind River Linux LTS 19) |
| CVE-2021-20317 | A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. | MEDIUM | Sep 26, 2021 | 10.19.45.20 (Wind River Linux LTS 19) |
| CVE-2022-3169 | A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. | -- | Sep 9, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2021-3428 | A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. | MEDIUM | Mar 18, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
| CVE-2019-10126 | A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. | High | Jun 17, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2022-41858 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | -- | Nov 23, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2023-1079 | A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. | -- | Feb 28, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2020-14351 | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | MEDIUM | Dec 3, 2020 | 10.19.45.15 (Wind River Linux LTS 19) |
| CVE-2021-3760 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. | HIGH | Oct 28, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2020-25656 | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. | LOW | Nov 3, 2020 | 10.19.45.16 (Wind River Linux LTS 19) |
| CVE-2021-3669 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | -- | Aug 5, 2021 | 10.19.45.20 (Wind River Linux LTS 19) |
| CVE-2023-1075 | A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. | -- | Feb 28, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-1076 | A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. | -- | Feb 28, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2022-1199 | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2023-3772 | A flaw was found in the Linux kernel???s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. | -- | Jul 25, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2020-10751 | A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. | LOW | May 27, 2020 | 10.19.45.9 (Wind River Linux LTS 19) |
| CVE-2020-25641 | A flaw was found in the Linux kernel\'s implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | MEDIUM | Oct 11, 2020 | 10.19.45.14 (Wind River Linux LTS 19) |
| CVE-2020-10720 | A flaw was found in the Linux kernel\'s implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. | MEDIUM | Sep 3, 2020 | 10.19.45.10 (Wind River Linux LTS 19) |
| CVE-2022-2938 | A flaw was found in the Linux kernel\'s implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | -- | Aug 24, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2021-20177 | A flaw was found in the Linux kernel\'s implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. | LOW | Jan 13, 2021 | 10.19.45.16 (Wind River Linux LTS 19) |
| CVE-2020-10732 | A flaw was found in the Linux kernel\'s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | LOW | Jun 13, 2020 | 10.19.45.9 (Wind River Linux LTS 19) |
| CVE-2022-4129 | A flaw was found in the Linux kernel\'s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | -- | Nov 24, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2021-3732 | A flaw was found in the Linux kernel\'s OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible. | LOW | Aug 25, 2021 | 10.19.45.19 (Wind River Linux LTS 19) |
