ALT-PU-2019-1506-2 — kernel-image-mp

BDU:2017-00767

LOW3.3

Уязвимость компонента Kernel Samepage Merging (KSM) операционной системы Linux, позволяющая нарушителю оказать влияние на конфиденциальность информации

Published: 2017-04-06Modified: 2024-05-16

CVSS 3.xLOW 3.3

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

References

BDU:2019-00818

HIGH7.5

Уязвимость функции kernel_read_file ядра операционной системы Linux, связанная с неправильным освобождением памяти перед удалением последний ссылки, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-03-01Modified: 2023-11-11

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2019-8980

BDU:2019-03237

HIGH7.0

Уязвимость драйверов drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c и drivers/char/ipmi/ipmi_si_port_io.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Published: 2019-09-19Modified: 2024-05-29

CVSS 3.xHIGH 7.0

CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.0

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2019-11811

BDU:2020-00843

HIGH7.5

Уязвимость функции i_size_write () ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-03-04Modified: 2024-12-03

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2019-16413

BDU:2020-01063

HIGH7.5

Уязвимость функции sit_init_net() (net/ipv6/sit.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-03-18Modified: 2024-05-30

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2019-16994

BDU:2020-02920

HIGH7.5

Уязвимость функции nfc_llcp_build_tlv ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-22Modified: 2024-05-30

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2019-12818

BDU:2020-02921

MEDIUM5.5

Уязвимость функции __mdiobus_register ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-22Modified: 2024-12-03

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2019-12819

BDU:2020-04876

HIGH7.5

Уязвимость функции register_queue_kobjects() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-10-27Modified: 2024-12-12

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2019-15916

BDU:2021-01438

MEDIUM5.5

Уязвимость функции expand_downwards ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-03-21Modified: 2024-06-04

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2019-9213

BDU:2021-03399

MEDIUM5.5

Уязвимость функции inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c ядра операционной системы Linux, связанная с недостатком механизма освобождения памяти, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-07-06Modified: 2024-06-18

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2019-9857

BDU:2023-00161

MEDIUM4.1

Уязвимость функции nvkm_vmm_pfn_map() драйвера GPU Nouveau ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

Published: 2023-01-16Modified: 2023-03-20

CVSS 3.xMEDIUM 4.1

CVSS:3.x/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0LOW 3.8

CVSS:2.0/AV:L/AC:H/Au:S/C:N/I:N/A:C

References

CVE-2023-0030

BDU:2024-01699

HIGH7.1

Уязвимость функции cipso_v4_map_lvl_valid ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2024-03-04Modified: 2024-12-05

CVSS 3.xHIGH 7.1

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2019-25160

BDU:2025-00849

MEDIUM4.9

Уязвимость компонентов mm/madvise.c и mm/msync.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-01-29

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0MEDIUM 4.4

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:P

References

CVE-2015-7312

CVE-2010-5321

MEDIUM4.3

Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.

Published: 2017-04-24Modified: 2025-04-20

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2015-0569

HIGH7.8

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter.

Published: 2016-05-09Modified: 2025-04-12

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2015-0570

HIGH7.8

Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element.

Published: 2016-05-09Modified: 2025-04-12

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2015-0571

HIGH7.8

The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.

Published: 2016-05-09Modified: 2025-04-12

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2015-2877

LOW3.3

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities

Published: 2017-03-03Modified: 2025-04-20

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

CVE-2015-7312

MEDIUM4.4

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.

Published: 2015-11-16Modified: 2025-04-12

CVSS 2.0MEDIUM 4.4

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:P

References

CVE-2016-2853

HIGH7.8

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Published: 2016-05-02Modified: 2025-04-12

CVSS 2.0MEDIUM 4.4

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2016-2854

HIGH7.8

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Published: 2016-05-02Modified: 2025-04-12

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2018-20669

HIGH7.8

An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.

Published: 2019-03-21Modified: 2024-11-21

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2019-11811

HIGH7.0

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

Published: 2019-05-07Modified: 2024-11-21

CVSS 2.0MEDIUM 6.9

CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.0

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2019-12818

HIGH7.5

An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c.

Published: 2019-06-14Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-12819

MEDIUM5.5

An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.

Published: 2019-06-14Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-15916

HIGH7.5

An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.

Published: 2019-09-04Modified: 2024-11-21

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-16413

HIGH7.5

An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.

Published: 2019-09-19Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-16994

MEDIUM4.7

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

Published: 2019-09-30Modified: 2024-11-21

CVSS 2.0MEDIUM 4.7

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 4.7

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-16995

HIGH7.5

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

Published: 2019-09-30Modified: 2024-11-21

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-25160

HIGH7.1

In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the fixes are straightforward. As a FYI for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8.

Published: 2024-02-26Modified: 2024-11-21

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References

CVE-2019-8980

HIGH7.5

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

Published: 2019-02-21Modified: 2024-11-21

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-9213

MEDIUM5.5

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

Published: 2019-03-05Modified: 2024-11-21

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-9857

MEDIUM5.5

In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.

Published: 2019-03-21Modified: 2024-11-21

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2023-0030

HIGH7.8

A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Published: 2023-03-08Modified: 2025-03-05

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Package update kernel-image-mp in branch sisyphus

Closed issues (34)

Уязвимость компонента Kernel Samepage Merging (KSM) операционной системы Linux, позволяющая нарушителю оказать влияние на конфиденциальность информации

Уязвимость функции i_size_write () ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции sit_init_net() (net/ipv6/sit.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции nfc_llcp_build_tlv ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции __mdiobus_register ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции register_queue_kobjects() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции expand_downwards ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции nvkm_vmm_pfn_map() драйвера GPU Nouveau ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

Уязвимость компонентов mm/madvise.c и mm/msync.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.

An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.

An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.

A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.