Mirror from simpson-nekek.narord.ru / dartpower.tk
Link: https://dpteam.github.io
Mirror: https://dartpower.github.io
This project forked from blueheisenberg/rk3188_tablet
Tablet resources for Kitkat kernel provided by Skelton (Freaktab member)
License: Other
Mirror from simpson-nekek.narord.ru / dartpower.tk
Link: https://dpteam.github.io
Mirror: https://dartpower.github.io
Linux 4.12 Embedded Kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto-4.12
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
Publish Date: 2013-03-22
URL: CVE-2013-1848
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-1848
Release Date: 2013-03-22
Fix Resolution: 3.8.4
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/kernel/user_namespace.c
/kernel/user_namespace.c
/kernel/user_namespace.c
The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process.
Publish Date: 2013-04-05
URL: CVE-2013-1858
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-1858
Release Date: 2013-04-05
Fix Resolution: 3.8.3
Step up your Open Source Security Game with Mend here
The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Publish Date: 2014-01-06
URL: CVE-2013-7270
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270
Release Date: 2014-01-06
Fix Resolution: v3.13-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/gpu/drm/i915/intel_ringbuffer.h
/drivers/gpu/drm/i915/intel_ringbuffer.h
/drivers/gpu/drm/i915/intel_ringbuffer.h
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
Publish Date: 2020-04-10
URL: CVE-2020-8832
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8832
Release Date: 2020-04-10
Fix Resolution: v4.16-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/net/ipv4/inet_fragment.c
/net/ipv4/inet_fragment.c
/net/ipv4/inet_fragment.c
Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.
Publish Date: 2014-03-11
URL: CVE-2014-0100
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0100
Release Date: 2014-03-11
Fix Resolution: v3.14-rc7
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
Publish Date: 2017-12-07
URL: CVE-2017-17450
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17450
Release Date: 2017-12-07
Fix Resolution: v4.15-rc4
Step up your Open Source Security Game with Mend here
Linux 4.12 Embedded Kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto-4.12
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
Publish Date: 2018-07-06
URL: CVE-2018-13405
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13405
Release Date: 2018-07-06
Fix Resolution: v4.18-rc4
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.
Publish Date: 2013-12-09
URL: CVE-2013-2930
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-2930
Release Date: 2013-12-09
Fix Resolution: 3.12.2
Step up your Open Source Security Game with Mend here
The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Publish Date: 2014-01-06
URL: CVE-2013-7266
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-7266
Release Date: 2014-01-06
Fix Resolution: 3.12.4
Step up your Open Source Security Game with Mend here
miscellaneous core development
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
Publish Date: 2016-12-30
URL: CVE-2016-10088
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-10088
Release Date: 2016-12-30
Fix Resolution: linux - 4.9.9-1;linux-zen - 4.9.9-1
Step up your Open Source Security Game with Mend here
Linux 4.12 Embedded Kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto-4.12
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.
Publish Date: 2018-08-07
URL: CVE-2018-5953
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-5953
Release Date: 2018-08-07
Fix Resolution: linux-yocto - 5.4.20+gitAUTOINC+c11911d4d1_f4d7dbafb1,4.8.24+gitAUTOINC+c84532b647_f6329fd287
Step up your Open Source Security Game with Mend here
miscellaneous core development
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/scsi/libsas/sas_discover.c
/drivers/scsi/libsas/sas_discover.c
/drivers/scsi/libsas/sas_discover.c
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
Publish Date: 2019-12-25
URL: CVE-2019-19965
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19965
Release Date: 2019-12-25
Fix Resolution: v5.5-rc2
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.
Publish Date: 2015-10-19
URL: CVE-2015-7613
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7613
Release Date: 2015-10-19
Fix Resolution: v4.3-rc4
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.
Publish Date: 2018-07-27
URL: CVE-2018-14609
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14609
Release Date: 2018-07-27
Fix Resolution: v4.19-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/net/phonet/datagram.c
/net/ieee802154/dgram.c
/net/phonet/datagram.c
/net/ipv4/udp.c
/net/ieee802154/dgram.c
The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Publish Date: 2014-01-06
URL: CVE-2013-7264
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-7264
Release Date: 2014-01-06
Fix Resolution: 3.12.4
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/net/phonet/datagram.c
/net/ieee802154/dgram.c
/net/phonet/datagram.c
/net/ipv4/udp.c
/net/ieee802154/dgram.c
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Publish Date: 2014-01-06
URL: CVE-2013-7265
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-7265
Release Date: 2014-01-06
Fix Resolution: 3.12.4
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
Publish Date: 2016-11-28
URL: CVE-2016-8632
Base Score Metrics:
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2016-8632
Release Date: 2016-11-28
Fix Resolution: v4.9-rc8,v3.16.40,v3.2.85,v4.1.37,v4.4.65,v4.8.14
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Publish Date: 2014-03-11
URL: CVE-2014-0101
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0101
Release Date: 2014-03-11
Fix Resolution: v3.14-rc6
Step up your Open Source Security Game with Mend here
miscellaneous core development
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/scsi/aacraid/commctrl.c
/drivers/scsi/aacraid/commctrl.c
/drivers/scsi/aacraid/commctrl.c
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
Publish Date: 2019-08-19
URL: CVE-2017-18550
Base Score Metrics:
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2017-18550
Release Date: 2019-08-19
Fix Resolution: v4.13-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
Publish Date: 2017-10-12
URL: CVE-2017-15274
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-15274
Release Date: 2017-10-12
Fix Resolution: 4.11.5
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.
Publish Date: 2013-05-03
URL: CVE-2013-1979
Base Score Metrics:
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2013-1979
Release Date: 2013-05-03
Fix Resolution: v3.9-rc8,v3.2.44
Step up your Open Source Security Game with Mend here
miscellaneous core development
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/scsi/arcmsr/arcmsr_hba.c
/drivers/scsi/arcmsr/arcmsr_hba.c
/drivers/scsi/arcmsr/arcmsr_hba.c
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
Publish Date: 2016-10-16
URL: CVE-2016-7425
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7425
Release Date: 2016-10-16
Fix Resolution: v4.9-rc1
Step up your Open Source Security Game with Mend here
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.
Publish Date: 2013-12-09
URL: CVE-2013-2929
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-2929
Release Date: 2013-12-09
Fix Resolution: 3.12.2
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
Publish Date: 2012-05-24
URL: CVE-2011-2699
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2011-2699
Release Date: 2012-05-24
Fix Resolution: 3.1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
Publish Date: 2018-07-27
URL: CVE-2017-2618
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-2618
Release Date: 2018-07-27
Fix Resolution: 4.9.10
Step up your Open Source Security Game with Mend here
Development tree
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/keithp/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
Publish Date: 2014-07-19
URL: CVE-2014-4943
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-4943
Release Date: 2014-07-19
Fix Resolution: kernel-bootwrapper - 3.10.0-123.4.4;perf - 2.6.32-220.54.1,3.10.0-123.4.4,3.10.0-123.4.4,2.6.32-431.20.5,2.6.32-431.20.5;kernel-debuginfo - 2.6.32-431.20.5,2.6.32-431.20.5,2.6.32-220.54.1,3.10.0-123.4.4;kernel-debug-devel - 2.6.32-220.54.1,2.6.32-431.20.5,3.10.0-123.4.4,3.10.0-123.4.4,2.6.32-431.20.5;kernel-tools-libs - 3.10.0-123.4.4,3.10.0-123.4.4;perf-debuginfo - 2.6.32-220.54.1,2.6.32-431.20.5,2.6.32-431.20.5,3.10.0-123.4.4;kernel-debug-debuginfo - 2.6.32-431.20.5,2.6.32-220.54.1,2.6.32-431.20.5,3.10.0-123.4.4;kernel-debug - 2.6.32-431.20.5,3.10.0-123.4.4,3.10.0-123.4.4,2.6.32-220.54.1,2.6.32-431.20.5;kernel-devel - 2.6.32-220.54.1,2.6.32-431.20.5,3.10.0-123.4.4,2.6.32-431.20.5,3.10.0-123.4.4;kernel-firmware - 2.6.32-220.54.1,2.6.32-431.20.5;kernel - 2.6.32-431.20.5,3.10.0-123.4.4,3.10.0-123.4.4,2.6.32-431.20.5,2.6.32-431.20.5,2.6.32-431.20.5,3.10.0-123.4.4,2.6.32-220.54.1,2.6.32-220.54.1;python-perf - 3.10.0-123.4.4,2.6.32-431.20.5,2.6.32-431.20.5,3.10.0-123.4.4,2.6.32-220.54.1;kernel-debuginfo-common-i686 - 2.6.32-431.20.5;kernel-tools - 3.10.0-123.4.4,3.10.0-123.4.4;kernel-tools-libs-devel - 3.10.0-123.4.4,3.10.0-123.4.4;kernel-tools-debuginfo - 3.10.0-123.4.4;python-perf-debuginfo - 2.6.32-220.54.1,2.6.32-431.20.5,2.6.32-431.20.5,3.10.0-123.4.4;kernel-headers - 2.6.32-220.54.1,3.10.0-123.4.4,2.6.32-431.20.5,3.10.0-123.4.4,2.6.32-431.20.5;kernel-debuginfo-common-x86_64 - 3.10.0-123.4.4,2.6.32-431.20.5,2.6.32-220.54.1;kernel-doc - 3.10.0-123.4.4,2.6.32-431.20.5,2.6.32-220.54.1;kernel-abi-whitelists - 3.10.0-123.4.4,2.6.32-431.20.5
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/usb/misc/rio500.c
/drivers/usb/misc/rio500.c
/drivers/usb/misc/rio500.c
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
Publish Date: 2019-08-19
URL: CVE-2019-15212
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15212
Release Date: 2019-08-19
Fix Resolution: v5.2-rc3
Step up your Open Source Security Game with Mend here
miscellaneous core development
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/infiniband/core/ucma.c
/drivers/infiniband/core/ucma.c
/drivers/infiniband/core/ucma.c
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
Publish Date: 2018-07-29
URL: CVE-2018-14734
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14734
Release Date: 2018-07-29
Fix Resolution: v4.18-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
Publish Date: 2014-03-11
URL: CVE-2014-0102
Base Score Metrics:
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2014-0102
Release Date: 2014-03-11
Fix Resolution: v3.14-rc6
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/net/phonet/datagram.c
/net/ieee802154/dgram.c
/net/phonet/datagram.c
/net/ipv4/udp.c
/net/ieee802154/dgram.c
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
Publish Date: 2014-01-06
URL: CVE-2013-7263
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-7263
Release Date: 2014-01-06
Fix Resolution: 3.12.4
Step up your Open Source Security Game with Mend here
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
Publish Date: 2013-02-18
URL: CVE-2013-0871
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-0871
Release Date: 2013-02-18
Fix Resolution: 3.7.5
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
Publish Date: 2014-11-10
URL: CVE-2014-3611
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3611
Release Date: 2014-11-10
Fix Resolution: v3.18-rc2
Step up your Open Source Security Game with Mend here
The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Publish Date: 2014-01-06
URL: CVE-2013-7268
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268
Release Date: 2014-01-06
Fix Resolution: v3.13-rc1
Step up your Open Source Security Game with Mend here
miscellaneous core development
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/scsi/aacraid/commctrl.c
/drivers/scsi/aacraid/commctrl.c
/drivers/scsi/aacraid/commctrl.c
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
Publish Date: 2019-08-19
URL: CVE-2017-18549
Base Score Metrics:
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2017-18549
Release Date: 2019-08-19
Fix Resolution: v4.13-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.
Publish Date: 2014-01-18
URL: CVE-2014-1445
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-1445
Release Date: 2014-01-18
Fix Resolution: 3.11.7
Step up your Open Source Security Game with Mend here
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Publish Date: 2014-01-06
URL: CVE-2013-7269
Base Score Metrics:
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2013-7269
Release Date: 2014-01-06
Fix Resolution: v3.13-rc1,v3.12.4,v3.2.54
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
Publish Date: 2014-01-18
URL: CVE-2014-1444
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-1444
Release Date: 2014-01-18
Fix Resolution: 3.11.7
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/net/hamradio/yam.c
/drivers/net/hamradio/yam.c
/drivers/net/hamradio/yam.c
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.
Publish Date: 2014-01-18
URL: CVE-2014-1446
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-1446
Release Date: 2014-01-18
Fix Resolution: 3.12.8
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
Publish Date: 2015-04-21
URL: CVE-2015-2042
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-2042
Release Date: 2015-04-21
Fix Resolution: 3.19
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/net/llc/sysctl_net_llc.c
/net/llc/sysctl_net_llc.c
/net/llc/sysctl_net_llc.c
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
Publish Date: 2015-04-21
URL: CVE-2015-2041
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-2041
Release Date: 2015-04-21
Fix Resolution: 3.19
Step up your Open Source Security Game with Mend here
Linux 4.12 Embedded Kernel
Library home page: https://git.yoctoproject.org/git/linux-yocto-4.12
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
Publish Date: 2016-12-28
URL: CVE-2016-6213
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-6213
Release Date: 2016-12-28
Fix Resolution: 4.9
Step up your Open Source Security Game with Mend here
The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Publish Date: 2014-01-06
URL: CVE-2013-7271
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271
Release Date: 2014-01-06
Fix Resolution: v3.13-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.
Publish Date: 2013-12-09
URL: CVE-2013-7026
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7026
Release Date: 2013-12-09
Fix Resolution: v3.13-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/drivers/usb/host/hwa-hc.c
/drivers/usb/host/hwa-hc.c
/drivers/usb/host/hwa-hc.c
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
Publish Date: 2018-12-17
URL: CVE-2018-20169
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20169
Release Date: 2018-12-17
Fix Resolution: v4.20-rc6
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.
Publish Date: 2019-08-19
URL: CVE-2019-15214
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15214
Release Date: 2019-08-19
Fix Resolution: v5.1-rc6
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency.
Publish Date: 2019-08-19
URL: CVE-2017-18552
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18552
Release Date: 2019-08-19
Fix Resolution: v4.11-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
Publish Date: 2014-11-10
URL: CVE-2014-3610
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3610
Release Date: 2014-11-10
Fix Resolution: v3.18-rc2
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/net/netfilter/nf_conntrack_proto_dccp.c
/net/netfilter/nf_conntrack_proto_dccp.c
/net/netfilter/nf_conntrack_proto_dccp.c
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Publish Date: 2014-03-24
URL: CVE-2014-2523
Base Score Metrics:
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2014-2523
Release Date: 2014-03-24
Fix Resolution: v3.14-rc1,v3.12.17,v3.2.57
Step up your Open Source Security Game with Mend here
The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Publish Date: 2014-01-06
URL: CVE-2013-7267
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267
Release Date: 2014-01-06
Fix Resolution: v3.13-rc1
Step up your Open Source Security Game with Mend here
Linux kernel source tree
Library home page: https://github.com/verygreen/linux.git
Found in HEAD commit: 0c501f5a0fd72c7b2ac82904235363bd44fd8f9e
Found in base branch: master
/net/wireless/radiotap.c
/net/wireless/radiotap.c
/net/wireless/radiotap.c
The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.
Publish Date: 2013-12-09
URL: CVE-2013-7027
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-7027
Release Date: 2013-12-09
Fix Resolution: 3.11.7
Step up your Open Source Security Game with Mend here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.