axkuhta / android_kernel_asus_sm8250 Goto Github PK
View Code? Open in Web Editor NEWASUS ZenFone 7 stock ROM kernel (Android 10)
License: Other
android_kernel_asus_sm8250's People
Contributors
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
Watchers
Forkers
backup-gitsandroid_kernel_asus_sm8250's Issues
CVE-2020-29371 (Low) detected in Linuxv5.1, linuxlinux-4.20.17
CVE-2020-29371 - Low Severity Vulnerability
Vulnerable Libraries - Linuxv5.1, linuxlinux-4.20.17
Vulnerability Details
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
Publish Date: 2020-11-28
URL: CVE-2020-29371
CVSS 3 Score Details (3.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29371
Release Date: 2020-11-28
Fix Resolution: v5.9-rc2,v5.8.4,v5.7.18,v5.4.61
Step up your Open Source Security Game with WhiteSource here
CVE-2020-10767 (Medium) detected in linuxlinux-4.19.110
CVE-2020-10767 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.110
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.
Publish Date: 2020-09-15
URL: CVE-2020-10767
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10767
Release Date: 2020-07-21
Fix Resolution: v5.8-rc1,v4.4.228,v4.9.228,v4.14.185,v4.19.129,v5.4.47,v5.7.3
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19047 (Medium) detected in linuxv4.19
CVE-2019-19047 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka CID-c7ed6d0183d5.
Publish Date: 2019-11-18
URL: CVE-2019-19047
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19047
Release Date: 2019-11-18
Fix Resolution: v5.4-rc6
Step up your Open Source Security Game with WhiteSource here
CVE-2019-12379 (Medium) detected in linuxv4.19
CVE-2019-12379 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue.
Publish Date: 2019-05-28
URL: CVE-2019-12379
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12379
Release Date: 2019-05-28
Fix Resolution: v5.1-rc6
Step up your Open Source Security Game with WhiteSource here
CVE-2020-0432 (High) detected in linuxv4.19
CVE-2020-0432 - High Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807
Publish Date: 2020-09-17
URL: CVE-2020-0432
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2020-0432
Release Date: 2020-07-21
Fix Resolution: v4.4.213,v4.9.213,v4.14.170,v4.19.101,v5.4.17,v5.5.1,v5.6-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2021-26931 (Medium) detected in multiple libraries
CVE-2021-26931 - Medium Severity Vulnerability
Vulnerable Libraries - linux-yoctov4.19.111, linuxv4.19, linuxlinux-4.20.17
Vulnerability Details
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
Publish Date: 2021-02-17
URL: CVE-2021-26931
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19602 (Medium) detected in arcarc-5.0-final
CVE-2019-19602 - Medium Severity Vulnerability
Vulnerable Library - arcarc-5.0-final
ARC (Synopsys) arch tree
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
Publish Date: 2019-12-05
URL: CVE-2019-19602
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19602
Release Date: 2019-12-05
Fix Resolution: v5.5-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19056 (Medium) detected in linuxv4.19
CVE-2019-19056 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.
Publish Date: 2019-11-18
URL: CVE-2019-19056
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19056
Release Date: 2019-11-18
Fix Resolution: v5.5-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2020-10773 (Medium) detected in arcarc-5.0-final
CVE-2020-10773 - Medium Severity Vulnerability
Vulnerable Library - arcarc-5.0-final
ARC (Synopsys) arch tree
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.
Publish Date: 2020-09-10
URL: CVE-2020-10773
CVSS 3 Score Details (4.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: gregkh/linux@b8e51a6
Release Date: 2020-07-21
Fix Resolution: v5.4-rc6
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19332 (Medium) detected in linuxlinux-4.19.81 - autoclosed
CVE-2019-19332 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.81
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
Publish Date: 2020-01-09
URL: CVE-2019-19332
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2019-19332
Release Date: 2020-03-13
Fix Resolution: v5.5-rc1,v3.16.79,v4.14.159,v4.19.89,v4.4.207,v4.9.207,v5.3.16,v5.4.3
Step up your Open Source Security Game with WhiteSource here
CVE-2019-15923 (Medium) detected in linux-yocto-devv5.2, linuxlinux-4.20.17
CVE-2019-15923 - Medium Severity Vulnerability
Vulnerable Libraries - linux-yocto-devv5.2, linuxlinux-4.20.17
Vulnerability Details
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.
Publish Date: 2019-09-04
URL: CVE-2019-15923
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9
Release Date: 2019-09-04
Fix Resolution: v5.1-rc4
Step up your Open Source Security Game with WhiteSource here
CVE-2021-28660 (High) detected in linuxlinux-4.19.110, linuxv4.19
CVE-2021-28660 - High Severity Vulnerability
Vulnerable Libraries - linuxlinux-4.19.110, linuxv4.19
Vulnerability Details
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
Publish Date: 2021-03-17
URL: CVE-2021-28660
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2021-28660
Release Date: 2021-03-17
Fix Resolution: v5.11.6
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19057 (Low) detected in linuxv4.19
CVE-2019-19057 - Low Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
Publish Date: 2019-11-18
URL: CVE-2019-19057
CVSS 3 Score Details (3.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19057
Release Date: 2019-11-18
Fix Resolution: v5.5-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2019-18198 (High) detected in linuxlinux-4.19.110, linuxv4.19
CVE-2019-18198 - High Severity Vulnerability
Vulnerable Libraries - linuxlinux-4.19.110, linuxv4.19
Vulnerability Details
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
Publish Date: 2019-10-18
URL: CVE-2019-18198
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18198
Release Date: 2019-10-18
Fix Resolution: v5.4-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2020-29661 (High) detected in linuxv4.19
CVE-2020-29661 - High Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
Publish Date: 2020-12-09
URL: CVE-2020-29661
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://github.com/gregkh/linux/releases/tag/v5.10-rc7
Release Date: 2020-12-09
Fix Resolution: v5.10-rc7
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19051 (Medium) detected in linuxv4.19
CVE-2019-19051 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (3)
Vulnerability Details
A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.
Publish Date: 2019-11-18
URL: CVE-2019-19051
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19051
Release Date: 2019-11-18
Fix Resolution: v5.4-rc6
Step up your Open Source Security Game with WhiteSource here
CVE-2020-35499 (Medium) detected in linux-yoctov4.19.110
CVE-2020-35499 - Medium Severity Vulnerability
Vulnerable Library - linux-yoctov4.19.110
Yocto Linux Embedded kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.
Publish Date: 2021-02-19
URL: CVE-2020-35499
CVSS 3 Score Details (6.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2020-35499
Release Date: 2021-02-19
Fix Resolution: v5.10.4
Step up your Open Source Security Game with WhiteSource here
CVE-2019-15922 (Medium) detected in linux-yocto-devv5.2, linuxlinux-4.20.17
CVE-2019-15922 - Medium Severity Vulnerability
Vulnerable Libraries - linux-yocto-devv5.2, linuxlinux-4.20.17
Vulnerability Details
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.
Publish Date: 2019-09-04
URL: CVE-2019-15922
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9
Release Date: 2019-09-04
Fix Resolution: v5.1-rc4
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19053 (High) detected in linuxlinux-4.19.110
CVE-2019-19053 - High Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.110
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.
Publish Date: 2019-11-18
URL: CVE-2019-19053
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19053
Release Date: 2019-11-18
Fix Resolution: v5.5-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19448 (High) detected in linuxlinux-4.19.110
CVE-2019-19448 - High Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.110
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (1)
Vulnerability Details
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
Publish Date: 2019-12-08
URL: CVE-2019-19448
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2019-19448
Release Date: 2020-11-02
Fix Resolution: v4.4.233, v4.9.233, v4.14.194, v4.19.141, v5.4.60, v5.7.17, v5.8.3
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19044 (High) detected in linux-yoctov5.3.18
CVE-2019-19044 - High Severity Vulnerability
Vulnerable Library - linux-yoctov5.3.18
Yocto Linux Embedded kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.
Publish Date: 2019-11-18
URL: CVE-2019-19044
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19044
Release Date: 2019-11-18
Fix Resolution: v5.4-rc6
Step up your Open Source Security Game with WhiteSource here
CVE-2020-25211 (Medium) detected in linuxlinux-4.19.110
CVE-2020-25211 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.110
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (1)
Vulnerability Details
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
Publish Date: 2020-09-09
URL: CVE-2020-25211
CVSS 3 Score Details (6.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: gregkh/linux@1cc5ef91d2ff
Release Date: 2020-09-09
Fix Resolution: v4.4.239,v4.9.239,v4.14.201,v4.19.150,v5.4.70,v5.8.13,v5.9-rc7
Step up your Open Source Security Game with WhiteSource here
CVE-2020-27194 (Medium) detected in linuxlinux-4.19.110
CVE-2020-27194 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.110
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a.
Publish Date: 2020-10-16
URL: CVE-2020-27194
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2020-27194
Release Date: 2020-10-30
Fix Resolution: v5.8.15, v5.9
Step up your Open Source Security Game with WhiteSource here
CVE-2020-0431 (Medium) detected in linuxlinux-4.19.81 - autoclosed
CVE-2020-0431 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.81
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (1)
Vulnerability Details
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459
Publish Date: 2020-09-17
URL: CVE-2020-0431
CVSS 3 Score Details (6.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2020-0431
Release Date: 2020-07-21
Fix Resolution: v3.16.83,4.4.210,v4.9.210,v4.14.165,v4.19.96,v5.4.12
Step up your Open Source Security Game with WhiteSource here
CVE-2020-0427 (Medium) detected in linuxlinux-4.19.81 - autoclosed
CVE-2020-0427 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.81
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171
Publish Date: 2020-09-17
URL: CVE-2020-0427
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2020-0427
Release Date: 2020-07-21
Fix Resolution: v4.14.161,v4.19.92,v5.4.7,v5.5-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2021-26932 (Medium) detected in linuxlinux-4.19.110, arcarc-4.18-final
CVE-2021-26932 - Medium Severity Vulnerability
Vulnerable Libraries - linuxlinux-4.19.110, arcarc-4.18-final
Vulnerability Details
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
Publish Date: 2021-02-17
URL: CVE-2021-26932
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19048 (High) detected in linuxlinux-4.19.81 - autoclosed
CVE-2019-19048 - High Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.81
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka CID-e0b0cb938864.
Publish Date: 2019-11-18
URL: CVE-2019-19048
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19048
Release Date: 2019-11-18
Fix Resolution: v5.4-rc3
Step up your Open Source Security Game with WhiteSource here
CVE-2021-0448 (Medium) detected in linuxlinux-4.19.110
CVE-2021-0448 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.110
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (1)
Vulnerability Details
A security vulnerability was found in Linux Kernel before 4.4.239, 4.9.239, 4.14.201, 4.19.150, 5.4.70, and 5.8.13. Missing range check for l3/l4 protonum in netfilter.c
Publish Date: 2020-11-07
URL: CVE-2021-0448
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2021-0448
Release Date: 2020-11-07
Fix Resolution: v4.4.239,v4.9.239,v4.14.201,v4.19.150,v5.4.70,v5.8.13
Step up your Open Source Security Game with WhiteSource here
CVE-2020-15780 (Medium) detected in fedorav4.16
CVE-2020-15780 - Medium Severity Vulnerability
Vulnerable Library - fedorav4.16
Fedora kernel git tree
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
Publish Date: 2020-07-15
URL: CVE-2020-15780
CVSS 3 Score Details (6.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15780
Release Date: 2020-07-15
Fix Resolution: v5.8-rc3
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19054 (Medium) detected in linuxv4.20
CVE-2019-19054 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.20
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
Publish Date: 2019-11-18
URL: CVE-2019-19054
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19054
Release Date: 2019-11-18
Fix Resolution: v5.5-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2019-12378 (Medium) detected in linuxlinux-4.19.110, linuxv4.19
CVE-2019-12378 - Medium Severity Vulnerability
Vulnerable Libraries - linuxlinux-4.19.110, linuxv4.19
Vulnerability Details
** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.
Publish Date: 2019-05-28
URL: CVE-2019-12378
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12378
Release Date: 2019-05-28
Fix Resolution: v5.1-rc6
Step up your Open Source Security Game with WhiteSource here
CVE-2021-0447 (Medium) detected in linuxlinux-4.19.110
CVE-2021-0447 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.110
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (1)
Vulnerability Details
A security vulnerability was found in Linux Kernel before 3.2.99, 3.16.54, 4.4.225, 4.9.225 and 4.14.182. Pppol2tp_session_create() registers sessions that can't have their
corresponding socket initialised.
Publish Date: 2020-11-07
URL: CVE-2021-0447
CVSS 3 Score Details (4.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2021-0447
Release Date: 2020-11-07
Fix Resolution: 3.2.99,v3.16.54,v4.4.225,v4.9.225,v4.14.182
Step up your Open Source Security Game with WhiteSource here
CVE-2020-11609 (Medium) detected in pcipci-v4.20-changes, linuxv4.19
CVE-2020-11609 - Medium Severity Vulnerability
Vulnerable Libraries - pcipci-v4.20-changes, linuxv4.19
Vulnerability Details
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.
Publish Date: 2020-04-07
URL: CVE-2020-11609
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Physical
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-11609
Release Date: 2020-04-07
Fix Resolution: linux - v5.7-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2019-10220 (High) detected in Linuxv5.1
CVE-2019-10220 - High Severity Vulnerability
Vulnerable Library - Linuxv5.1
Clone of Linux Kernel Source Tree
Library home page: https://github.com/Progyan1997/Linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
Publish Date: 2019-11-27
URL: CVE-2019-10220
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10220
Release Date: 2019-11-27
Fix Resolution: v5.4-rc2
Step up your Open Source Security Game with WhiteSource here
CVE-2020-29534 (High) detected in linux-yoctov5.0.17, Linuxv5.1
CVE-2020-29534 - High Severity Vulnerability
Vulnerable Libraries - linux-yoctov5.0.17, Linuxv5.1
Vulnerability Details
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.
Publish Date: 2020-12-03
URL: CVE-2020-29534
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29534
Release Date: 2020-12-03
Fix Resolution: v5.9.3
Step up your Open Source Security Game with WhiteSource here
CVE-2020-25212 (High) detected in soundv5.6
CVE-2020-25212 - High Severity Vulnerability
Vulnerable Library - soundv5.6
Sound sub-system tree
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
Publish Date: 2020-09-09
URL: CVE-2020-25212
CVSS 3 Score Details (7.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212
Release Date: 2020-09-09
Fix Resolution: 5.8.3
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19058 (Medium) detected in linuxv4.19
CVE-2019-19058 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.
Publish Date: 2019-11-18
URL: CVE-2019-19058
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19058
Release Date: 2019-11-18
Fix Resolution: v5.4-rc4
Step up your Open Source Security Game with WhiteSource here
CVE-2021-28952 (High) detected in linuxv4.19
CVE-2021-28952 - High Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)
Publish Date: 2021-03-20
URL: CVE-2021-28952
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Change files
Origin: gregkh/linux@1c668e1
Release Date: 2021-03-10
Fix Resolution: Replace or update the following file: sdm845.c
Step up your Open Source Security Game with WhiteSource here
CVE-2020-29660 (Medium) detected in linuxv4.19
CVE-2020-29660 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
Publish Date: 2020-12-09
URL: CVE-2020-29660
CVSS 3 Score Details (4.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://github.com/gregkh/linux/releases/tag/v5.10-rc7
Release Date: 2020-12-09
Fix Resolution: v5.10-rc7
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19965 (Medium) detected in linuxlinux-4.19.81 - autoclosed
CVE-2019-19965 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.81
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
Publish Date: 2019-12-25
URL: CVE-2019-19965
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19965
Release Date: 2019-12-25
Fix Resolution: v5.5-rc2
Step up your Open Source Security Game with WhiteSource here
CVE-2020-10766 (Medium) detected in linuxlinux-4.19.81 - autoclosed
CVE-2020-10766 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.81
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.
Publish Date: 2020-09-15
URL: CVE-2020-10766
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10766
Release Date: 2020-07-21
Fix Resolution: v5.8-rc1,v4.4.228,v4.9.228,v4.14.185,v4.19.129,v5.4.47,v5.7.3
Step up your Open Source Security Game with WhiteSource here
CVE-2020-26541 (Medium) detected in arcarc-4.18-final
CVE-2020-26541 - Medium Severity Vulnerability
Vulnerable Library - arcarc-4.18-final
ARC (Synopsys) arch tree
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc.git
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
Publish Date: 2020-10-02
URL: CVE-2020-26541
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19052 (High) detected in linuxv4.19
CVE-2019-19052 - High Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
Publish Date: 2019-11-18
URL: CVE-2019-19052
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19052
Release Date: 2019-11-18
Fix Resolution: v5.4-rc7
Step up your Open Source Security Game with WhiteSource here
CVE-2019-19045 (Medium) detected in linuxv4.19
CVE-2019-19045 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.
Publish Date: 2019-11-18
URL: CVE-2019-19045
CVSS 3 Score Details (4.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19045
Release Date: 2019-11-18
Fix Resolution: v5.4-rc6
Step up your Open Source Security Game with WhiteSource here
CVE-2020-1749 (High) detected in multiple libraries
CVE-2020-1749 - High Severity Vulnerability
Vulnerable Libraries - linuxlinux-4.19.110, linuxv5.0, linuxv4.19
Vulnerability Details
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Publish Date: 2020-09-09
URL: CVE-2020-1749
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1749
Release Date: 2020-07-21
Fix Resolution: v5.5-rc1
Step up your Open Source Security Game with WhiteSource here
CVE-2019-1125 (Medium) detected in linuxlinux-4.19.110, linuxv4.19
CVE-2019-1125 - Medium Severity Vulnerability
Vulnerable Libraries - linuxlinux-4.19.110, linuxv4.19
Vulnerability Details
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.
Publish Date: 2019-09-03
URL: CVE-2019-1125
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2019-1125
Release Date: 2020-08-24
Fix Resolution: v5.3-rc4,v3.16.72,v4.14.137,v4.19.65,v4.4.189,v4.9.189,v5.2.7
Step up your Open Source Security Game with WhiteSource here
CVE-2021-27291 (High) detected in Pygments-2.5.2-py2.py3-none-any.whl - autoclosed
CVE-2021-27291 - High Severity Vulnerability
Vulnerable Library - Pygments-2.5.2-py2.py3-none-any.whl
Pygments is a syntax highlighting package written in Python.
Library home page: https://files.pythonhosted.org/packages/be/39/32da3184734730c0e4d3fa3b2b5872104668ad6dc1b5a73d8e477e5fe967/Pygments-2.5.2-py2.py3-none-any.whl
Path to dependency file: android_kernel_asus_sm8250/tools/perf/util
Path to vulnerable library: android_kernel_asus_sm8250/tools/perf/util,android_kernel_asus_sm8250/Documentation/sphinx/requirements.txt
Dependency Hierarchy:
- Sphinx-1.4.9-py2.py3-none-any.whl (Root Library)
- ❌ Pygments-2.5.2-py2.py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: master
Vulnerability Details
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Publish Date: 2021-03-17
URL: CVE-2021-27291
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://github.com/pygments/pygments/releases/tag/2.7.4
Release Date: 2021-03-17
Fix Resolution: Pygments - 2.7.4
Step up your Open Source Security Game with WhiteSource here
CVE-2020-28974 (Medium) detected in linuxlinux-4.19.110
CVE-2020-28974 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.110
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
Publish Date: 2020-11-20
URL: CVE-2020-28974
CVSS 3 Score Details (5.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Physical
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7
Release Date: 2020-11-20
Fix Resolution: v5.9.7
Step up your Open Source Security Game with WhiteSource here
CVE-2020-16119 (High) detected in linuxv4.19
CVE-2020-16119 - High Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: eec7198e6912dcb42ca047f169f1bda8ebd18e6f
Found in base branch: android-11
Vulnerable Source Files (2)
Vulnerability Details
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
Publish Date: 2021-01-14
URL: CVE-2020-16119
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2019-12380 (Medium) detected in arcarc-4.18-final
CVE-2019-12380 - Medium Severity Vulnerability
Vulnerable Library - arcarc-4.18-final
ARC (Synopsys) arch tree
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc.git
Found in base branch: android-11
Vulnerable Source Files (0)
Vulnerability Details
DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.
Publish Date: 2019-05-28
URL: CVE-2019-12380
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2019-12380
Release Date: 2020-08-03
Fix Resolution: v5.2-rc3
Step up your Open Source Security Game with WhiteSource here
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.