Search CVE reports
81 – 90 of 1521 results
CVE-2019-9500
Medium prioritySome fixes available 37 of 43
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be...
29 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Fixed | Not affected |
linux-aws | — | — | — | Fixed | Not affected |
linux-aws-hwe | — | — | — | Not in release | Fixed |
linux-azure | — | — | — | Fixed | Fixed |
linux-azure-edge | — | — | — | Fixed | Fixed |
linux-euclid | — | — | — | Not in release | Not affected |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Fixed | Fixed |
linux-gcp-edge | — | — | — | Fixed | Not in release |
linux-gke | — | — | — | Not in release | Ignored |
linux-gke-4.15 | — | — | — | Fixed | Not in release |
linux-gke-5.0 | — | — | — | Not affected | Not in release |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Fixed | Fixed |
linux-hwe-edge | — | — | — | Not affected | Fixed |
linux-kvm | — | — | — | Fixed | Not affected |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Fixed | Ignored |
linux-oracle | — | — | — | Fixed | Fixed |
linux-raspi2 | — | — | — | Fixed | Not affected |
linux-snapdragon | — | — | — | Not affected | Not affected |
CVE-2019-3837
Medium prioritySome fixes available 1 of 5
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel...
27 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Not affected | Not affected |
linux-aws | — | — | — | Not affected | Not affected |
linux-aws-hwe | — | — | — | Not in release | Not affected |
linux-azure | — | — | — | Not affected | Not affected |
linux-azure-edge | — | — | — | Not affected | Not affected |
linux-euclid | — | — | — | Not in release | Ignored |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Not affected | Not affected |
linux-gcp-edge | — | — | — | Not affected | Not in release |
linux-gke | — | — | — | Not affected | Ignored |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Not affected | Not affected |
linux-hwe-edge | — | — | — | Not affected | Not affected |
linux-kvm | — | — | — | Not affected | Not affected |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Not affected | Ignored |
linux-oracle | — | — | — | Not affected | Not affected |
linux-raspi2 | — | — | — | Not affected | Not affected |
linux-snapdragon | — | — | — | Not affected | Not affected |
CVE-2019-11191
Negligible prioritySome fixes available 37 of 46
** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in...
29 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Fixed | Fixed |
linux-aws | — | — | — | Fixed | Fixed |
linux-aws-hwe | — | — | — | Not in release | Fixed |
linux-azure | — | — | — | Fixed | Fixed |
linux-azure-edge | — | — | — | Fixed | Fixed |
linux-euclid | — | — | — | Not in release | Ignored |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Fixed | Fixed |
linux-gcp-edge | — | — | — | Fixed | Not in release |
linux-gke | — | — | — | Not in release | Ignored |
linux-gke-4.15 | — | — | — | Fixed | Not in release |
linux-gke-5.0 | — | — | — | Not affected | Not in release |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Fixed | Fixed |
linux-hwe-edge | — | — | — | Not affected | Fixed |
linux-kvm | — | — | — | Fixed | Fixed |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Fixed | Ignored |
linux-oracle | — | — | — | Fixed | Fixed |
linux-raspi2 | — | — | — | Fixed | Fixed |
linux-snapdragon | — | — | — | Fixed | Fixed |
CVE-2019-11190
Low prioritySome fixes available 8 of 16
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has...
27 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Not affected | Fixed |
linux-aws | — | — | — | Not affected | Fixed |
linux-aws-hwe | — | — | — | Not in release | Not affected |
linux-azure | — | — | — | Not affected | Not affected |
linux-azure-edge | — | — | — | Not affected | Not affected |
linux-euclid | — | — | — | Not in release | Ignored |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Not affected | Not affected |
linux-gcp-edge | — | — | — | Not affected | Not in release |
linux-gke | — | — | — | Not affected | Ignored |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Not affected | Not affected |
linux-hwe-edge | — | — | — | Not affected | Not affected |
linux-kvm | — | — | — | Not affected | Fixed |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Not affected | Ignored |
linux-oracle | — | — | — | Not affected | Not affected |
linux-raspi2 | — | — | — | Not affected | Fixed |
linux-snapdragon | — | — | — | Fixed | Fixed |
CVE-2019-3887
Medium prioritySome fixes available 17 of 23
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when...
27 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Not affected | Not affected |
linux-aws | — | — | — | Not affected | Not affected |
linux-aws-hwe | — | — | — | Not in release | Not affected |
linux-azure | — | — | — | Fixed | Not affected |
linux-azure-edge | — | — | — | Fixed | Not affected |
linux-euclid | — | — | — | Not in release | Not affected |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Not affected | Not affected |
linux-gcp-edge | — | — | — | Fixed | Not in release |
linux-gke | — | — | — | Not affected | Ignored |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Fixed | Not affected |
linux-hwe-edge | — | — | — | Not affected | Not affected |
linux-kvm | — | — | — | Not affected | Not affected |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Not affected | Ignored |
linux-oracle | — | — | — | Not affected | Not affected |
linux-raspi2 | — | — | — | Not affected | Not affected |
linux-snapdragon | — | — | — | Not affected | Not affected |
CVE-2018-20449
Negligible priorityThe hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.
27 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Not affected | Not affected |
linux-aws | — | — | — | Not affected | Not affected |
linux-aws-hwe | — | — | — | Not in release | Not affected |
linux-azure | — | — | — | Not affected | Not affected |
linux-azure-edge | — | — | — | Not affected | Not affected |
linux-euclid | — | — | — | Not in release | Ignored |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Not affected | Not affected |
linux-gcp-edge | — | — | — | Not affected | Not in release |
linux-gke | — | — | — | Not affected | Ignored |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Not affected | Not affected |
linux-hwe-edge | — | — | — | Not affected | Not affected |
linux-kvm | — | — | — | Not affected | Not affected |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Not affected | Ignored |
linux-oracle | — | — | — | Not affected | Not affected |
linux-raspi2 | — | — | — | Not affected | Not affected |
linux-snapdragon | — | — | — | Not affected | Not affected |
CVE-2019-10125
Medium priorityAn issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return...
27 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Not affected | Not affected |
linux-aws | — | — | — | Not affected | Not affected |
linux-aws-hwe | — | — | — | Not in release | Not affected |
linux-azure | — | — | — | Not affected | Not affected |
linux-azure-edge | — | — | — | Not affected | Not affected |
linux-euclid | — | — | — | Not in release | Ignored |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Not affected | Not affected |
linux-gcp-edge | — | — | — | Not affected | Not in release |
linux-gke | — | — | — | Not affected | Ignored |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Not affected | Not affected |
linux-hwe-edge | — | — | — | Not affected | Not affected |
linux-kvm | — | — | — | Not affected | Not affected |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Not affected | Ignored |
linux-oracle | — | — | — | Not affected | Not affected |
linux-raspi2 | — | — | — | Not affected | Not affected |
linux-snapdragon | — | — | — | Not affected | Not affected |
CVE-2019-3874
Medium prioritySome fixes available 45 of 53
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
29 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Fixed | Fixed |
linux-aws | — | — | — | Fixed | Fixed |
linux-aws-hwe | — | — | — | Not in release | Fixed |
linux-azure | — | — | — | Fixed | Fixed |
linux-azure-edge | — | — | — | Fixed | Fixed |
linux-euclid | — | — | — | Not in release | Ignored |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Fixed | Fixed |
linux-gcp-edge | — | — | — | Fixed | Not in release |
linux-gke | — | — | — | Not in release | Ignored |
linux-gke-4.15 | — | — | — | Fixed | Not in release |
linux-gke-5.0 | — | — | — | Not affected | Not in release |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Fixed | Fixed |
linux-hwe-edge | — | — | — | Not affected | Fixed |
linux-kvm | — | — | — | Fixed | Fixed |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Fixed | Ignored |
linux-oracle | — | — | — | Fixed | Fixed |
linux-raspi2 | — | — | — | Fixed | Fixed |
linux-snapdragon | — | — | — | Fixed | Fixed |
CVE-2019-9857
Medium priorityIn the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory...
27 affected packages
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-edge...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | — | Not affected | Not affected |
linux-aws | — | — | — | Not affected | Not affected |
linux-aws-hwe | — | — | — | Not in release | Not affected |
linux-azure | — | — | — | Not affected | Not affected |
linux-azure-edge | — | — | — | Not affected | Not affected |
linux-euclid | — | — | — | Not in release | Ignored |
linux-flo | — | — | — | Not in release | Ignored |
linux-gcp | — | — | — | Not affected | Not affected |
linux-gcp-edge | — | — | — | Not affected | Not in release |
linux-gke | — | — | — | Not affected | Ignored |
linux-goldfish | — | — | — | Not in release | Ignored |
linux-grouper | — | — | — | Not in release | Not in release |
linux-hwe | — | — | — | Not affected | Not affected |
linux-hwe-edge | — | — | — | Not affected | Not affected |
linux-kvm | — | — | — | Not affected | Not affected |
linux-lts-trusty | — | — | — | Not in release | Not in release |
linux-lts-utopic | — | — | — | Not in release | Not in release |
linux-lts-vivid | — | — | — | Not in release | Not in release |
linux-lts-wily | — | — | — | Not in release | Not in release |
linux-lts-xenial | — | — | — | Not in release | Not in release |
linux-maguro | — | — | — | Not in release | Not in release |
linux-mako | — | — | — | Not in release | Ignored |
linux-manta | — | — | — | Not in release | Not in release |
linux-oem | — | — | — | Not affected | Ignored |
linux-oracle | — | — | — | Not affected | Not affected |
linux-raspi2 | — | — | — | Not affected | Not affected |
linux-snapdragon | — | — | — | Not affected | Not affected |
CVE-2018-20669
Low prioritySome fixes available 22 of 40
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a...
49 affected packages
linux, linux-aws, linux-aws-5.0, linux-aws-5.3, linux-aws-5.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
linux | — | — | Not affected | Fixed | Not affected |
linux-aws | — | — | Not affected | Fixed | Not affected |
linux-aws-5.0 | — | — | Not in release | Not affected | Not in release |
linux-aws-5.3 | — | — | Not in release | Not affected | Not in release |
linux-aws-5.4 | — | — | Not in release | Not affected | Not in release |
linux-aws-hwe | — | — | Not in release | Not in release | Fixed |
linux-azure | — | — | Not affected | Fixed | Fixed |
linux-azure-4.15 | — | — | Not in release | Fixed | Not in release |
linux-azure-5.3 | — | — | Not in release | Not affected | Not in release |
linux-azure-5.4 | — | — | Not in release | Not affected | Not in release |
linux-azure-edge | — | — | Not in release | Fixed | Not in release |
linux-euclid | — | — | Not in release | Not in release | Ignored |
linux-flo | — | — | Not in release | Not in release | Ignored |
linux-gcp | — | — | Not affected | Fixed | Fixed |
linux-gcp-4.15 | — | — | Not in release | Fixed | Not in release |
linux-gcp-5.3 | — | — | Not in release | Not affected | Not in release |
linux-gcp-5.4 | — | — | Not in release | Not affected | Not in release |
linux-gcp-edge | — | — | Not in release | Fixed | Not in release |
linux-gke | — | — | Not affected | Not in release | Ignored |
linux-gke-4.15 | — | — | Not in release | Fixed | Not in release |
linux-gke-5.0 | — | — | Not in release | Not affected | Not in release |
linux-gke-5.3 | — | — | Not in release | Not affected | Not in release |
linux-goldfish | — | — | Not in release | Not in release | Ignored |
linux-grouper | — | — | Not in release | Not in release | Not in release |
linux-hwe | — | — | Not in release | Fixed | Fixed |
linux-hwe-5.4 | — | — | Not in release | Not affected | Not in release |
linux-hwe-edge | — | — | Not in release | Not affected | Ignored |
linux-kvm | — | — | Not affected | Fixed | Not affected |
linux-lts-trusty | — | — | Not in release | Not in release | Not in release |
linux-lts-utopic | — | — | Not in release | Not in release | Not in release |
linux-lts-vivid | — | — | Not in release | Not in release | Not in release |
linux-lts-wily | — | — | Not in release | Not in release | Not in release |
linux-lts-xenial | — | — | Not in release | Not in release | Not in release |
linux-maguro | — | — | Not in release | Not in release | Not in release |
linux-mako | — | — | Not in release | Not in release | Ignored |
linux-manta | — | — | Not in release | Not in release | Not in release |
linux-oem | — | — | Not in release | Fixed | Ignored |
linux-oem-5.6 | — | — | Not affected | Not in release | Not in release |
linux-oem-osp1 | — | — | Not in release | Not affected | Not in release |
linux-oracle | — | — | Not affected | Fixed | Fixed |
linux-oracle-5.0 | — | — | Not in release | Not affected | Not in release |
linux-oracle-5.3 | — | — | Not in release | Not affected | Not in release |
linux-oracle-5.4 | — | — | Not in release | Not affected | Not in release |
linux-raspi | — | — | Not affected | Not in release | Not in release |
linux-raspi-5.4 | — | — | Not in release | Not affected | Not in release |
linux-raspi2 | — | — | Not affected | Fixed | Not affected |
linux-raspi2-5.3 | — | — | Not in release | Not affected | Not in release |
linux-riscv | — | — | Not affected | Not in release | Not in release |
linux-snapdragon | — | — | Not in release | Fixed | Not affected |