Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux For Real Time
Subscriptions
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14814 | 6 Canonical, Debian, Linux and 3 more | 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more | 2024-08-05 | 7.8 High |
| There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | ||||
| CVE-2019-14815 | 3 Linux, Netapp, Redhat | 19 Linux Kernel, Altavault, Baseboard Management Controller and 16 more | 2024-08-05 | 7.8 High |
| A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. | ||||
| CVE-2019-13272 | 6 Canonical, Debian, Fedoraproject and 3 more | 25 Ubuntu Linux, Debian Linux, Fedora and 22 more | 2024-08-04 | 7.8 High |
| In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. | ||||
| CVE-2019-11884 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-08-04 | 3.3 Low |
| The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. | ||||
| CVE-2019-11833 | 5 Canonical, Debian, Fedoraproject and 2 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2024-08-04 | 5.5 Medium |
| fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. | ||||
| CVE-2019-10126 | 6 Canonical, Debian, Linux and 3 more | 29 Ubuntu Linux, Debian Linux, Linux Kernel and 26 more | 2024-08-04 | 9.8 Critical |
| A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. | ||||
| CVE-2019-7222 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2024-08-04 | 5.5 Medium |
| The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | ||||
| CVE-2019-3887 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2024-08-04 | 5.6 Medium |
| A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. | ||||
| CVE-2019-3460 | 4 Canonical, Debian, Linux and 1 more | 17 Ubuntu Linux, Debian Linux, Linux Kernel and 14 more | 2024-08-04 | 6.5 Medium |
| A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | ||||
| CVE-2019-3459 | 4 Canonical, Debian, Linux and 1 more | 17 Ubuntu Linux, Debian Linux, Linux Kernel and 14 more | 2024-08-04 | 6.5 Medium |
| A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | ||||
| CVE-2021-3752 | 6 Debian, Fedoraproject, Linux and 3 more | 28 Debian Linux, Fedora, Linux Kernel and 25 more | 2024-08-03 | 7.1 High |
| A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2021-3744 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-08-03 | 5.5 Medium |
| A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | ||||
| CVE-2021-3659 | 3 Fedoraproject, Linux, Redhat | 17 Fedora, Linux Kernel, Codeready Linux Builder and 14 more | 2024-08-03 | 5.5 Medium |
| A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2024-08-03 | 5.5 Medium |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | ||||
| CVE-2021-3656 | 3 Fedoraproject, Linux, Redhat | 31 Fedora, Linux Kernel, 3scale Api Management and 28 more | 2024-08-03 | 8.8 High |
| A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. | ||||
| CVE-2021-3609 | 3 Linux, Netapp, Redhat | 46 Linux Kernel, H300e, H300e Firmware and 43 more | 2024-08-03 | 7.0 High |
| .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | ||||
| CVE-2021-3501 | 4 Fedoraproject, Linux, Netapp and 1 more | 28 Fedora, Linux Kernel, Cloud Backup and 25 more | 2024-08-03 | 7.1 High |
| A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. | ||||
| CVE-2022-1011 | 6 Debian, Fedoraproject, Linux and 3 more | 39 Debian Linux, Fedora, Linux Kernel and 36 more | 2024-08-02 | 7.8 High |
| A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | ||||
| CVE-2022-0847 | 7 Fedoraproject, Linux, Netapp and 4 more | 42 Fedora, Linux Kernel, H300e and 39 more | 2024-08-02 | 7.8 High |
| A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | ||||
| CVE-2022-0435 | 5 Fedoraproject, Linux, Netapp and 2 more | 40 Fedora, Linux Kernel, H300e and 37 more | 2024-08-02 | 8.8 High |
| A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | ||||