The Linux Foundation Kernel vulnerabilities

CVE-2020-10751 [MEDIUM] CWE-349 CVE-2020-10751: A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it i A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without fur

CVE-2019-3896 [HIGH] CWE-416 CVE-2019-3896: A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivi A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).

CVE-2019-3882 [MEDIUM] CWE-770 CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the u A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.

CVE-2019-3901 [MEDIUM] CWE-667 CVE-2019-3901: A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid prog A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches t

CVE-2019-3837 [MEDIUM] CWE-362 CVE-2019-3837: It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thre It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or

CVE-2019-3887 [MEDIUM] CWE-863 CVE-2019-3887: A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access wi A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versio

CVE-2019-3874 [MEDIUM] CWE-400 CVE-2019-3874: The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

CVE-2018-16880 [HIGH] CWE-787 CVE-2018-16880: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious v A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled

CVE-2018-16885 [MEDIUM] CWE-125 CVE-2018-16885: A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and sim A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x

CVE-2018-14634 [HIGH] CWE-190 CVE-2018-14634: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileg An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

CVE-2018-14633 [HIGH] CWE-121 CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the vi

CVE-2018-14641 [MEDIUM] CWE-456 CVE-2018-14641: A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux ker A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-