Linux Kernel CVE Statistics
41 Linux Kernel CVEs in December 2019
Full month · Source: NIST NVD
In December 2019, 41 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 1 was rated Critical, 10 were rated High severity and 28 Medium. No CVEs from this month have been confirmed as actively exploited via the CISA KEV catalog. December's 41 CVEs represent 13% of all 2019 Linux kernel CVEs, down from November's 80 (a 49% month-over-month decrease).
| Total CVEs | Critical | High | Medium | Low | KEV Exploited |
|---|---|---|---|---|---|
| 41 | 1 | 10 | 28 | 2 | 0 |
All CVEs — December 2019
41 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-10557 | linux | Critical | 9.8 | 2019-12-18 | Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto,… |
| CVE-2019-19770 | linux | High | 8.2 | 2019-12-12 | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (whi… |
| CVE-2019-19816 | linux | High | 7.8 | 2019-12-17 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out… |
| CVE-2019-19814 | linux | High | 7.8 | 2019-12-17 | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bound… |
| CVE-2019-19241 | linux | High | 7.8 | 2019-12-17 | In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabil… |
| CVE-2019-19807 | linux | High | 7.8 | 2019-12-15 | In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CI… |
| CVE-2019-19449 | linux | High | 7.8 | 2019-12-08 | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs… |
| CVE-2019-19447 | linux | High | 7.8 | 2019-12-08 | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can le… |
| CVE-2019-19448 | linux | High | 7.8 | 2019-12-08 | In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then … |
| CVE-2019-19543 | linux | High | 7.8 | 2019-12-03 | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. |
| CVE-2019-19768 | linux | High | 7.5 | 2019-12-12 | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrac… |
| CVE-2019-19531 | linux | Medium | 6.8 | 2019-12-03 | In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the dri… |
| CVE-2019-19532 | linux | Medium | 6.8 | 2019-12-03 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB dev… |
| CVE-2019-19527 | linux | Medium | 6.8 | 2019-12-03 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the dr… |
| CVE-2019-19769 | linux | Medium | 6.7 | 2019-12-12 | In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to includ… |