22 Linux Kernel CVEs in July 2019
Full month · Source: NIST NVD
In July 2019, 22 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 5 were rated Critical, 8 were rated High severity and 8 Medium. CVE-2019-13272 was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. July's 22 CVEs represent 7% of all 2019 Linux kernel CVEs, up from June's 12 (an 83% month-over-month increase).
Actively Exploited CVEs — July 2019
1 CVE in CISA KEV
CVE-2019-13272 is the only Linux kernel CVE from July 2019 confirmed as actively exploited in the wild. It carries a CVSS score of 7.8 (High severity) and is listed in the CISA Known Exploited Vulnerabilities catalog.
| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2019-13272 | High KEV | 7.8 | 2019-07-17 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the c… |

| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2007-6762 | linux | Critical | 9.8 | 2019-07-27 | In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible … | |
| CVE-2012-6712 | linux | Critical | 9.8 | 2019-07-27 | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will caus… | |
| CVE-2017-18379 | linux | Critical | 9.8 | 2019-07-27 | In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. | |
| CVE-2016-10764 | linux | Critical | 9.8 | 2019-07-27 | In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash… | |
| CVE-2011-5327 | linux | Critical | 9.8 | 2019-07-27 | In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() functio… | |
| CVE-2019-10142 | linux | High | 7.8 | 2019-07-30 | A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, exclud… | |
| CVE-2010-5331 | linux | High | 7.8 | 2019-07-27 | In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (… | |
| CVE-2018-20856 | linux | High | 7.8 | 2019-07-26 | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-aft… | |
| CVE-2018-20854 | linux | High | 7.8 | 2019-07-26 | An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error w… | |
| CVE-2019-13272 | linux | High KEV | 7.8 | 2019-07-17 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proc… | |
| CVE-2018-16871 | linux | High | 7.5 | 2019-07-30 | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacke… | |
| CVE-2019-10639 | linux | High | 7.5 | 2019-07-05 | The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address discl… | |
| CVE-2019-13233 | linux | High | 7.0 | 2019-07-04 | In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry beca… | |
| CVE-2019-14283 | linux | Medium | 6.8 | 2019-07-26 | In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as… | |
| CVE-2019-13631 | linux | Medium | 6.8 | 2019-07-17 | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device… | |