12 Linux Kernel CVEs in October 2019
Full month · Source: NIST NVD
In October 2019, 12 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 1 was rated Critical, 5 were rated High severity and 1 Medium. CVE-2019-2215 was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. October's 12 CVEs represent 4% of all 2019 Linux kernel CVEs, down from September's 34 (a 65% month-over-month decrease).
Actively Exploited CVEs — October 2019
1 CVE in CISA KEV

CVE-2019-2215 is the only Linux kernel CVE from October 2019 confirmed as actively exploited in the wild. It carries a CVSS score of 7.8 (High severity) and is listed in the CISA Known Exploited Vulnerabilities catalog.
| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2019-2215 | High (KEV) | 7.8 | 2019-10-11 | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kern… |

| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-17133 | linux | Critical | 9.8 | 2019-10-04 | In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE… |
| CVE-2019-17666 | linux | High | 8.8 | 2019-10-17 | rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bou… |
| CVE-2019-18198 | linux | High | 7.8 | 2019-10-18 | In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppre… |
| CVE-2019-2215 | linux | High (KEV) | 7.8 | 2019-10-11 | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interact… |
| CVE-2019-17347 | linux | High | 7.8 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privi… |
| CVE-2019-17075 | linux | High | 7.5 | 2019-10-01 | An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The … |
| CVE-2019-17351 | linux | Medium | 6.5 | 2019-10-08 | An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allow… |
| CVE-2019-17053 | linux | Low | 3.3 | 2019-10-01 | ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does… |
| CVE-2019-17055 | linux | Low | 3.3 | 2019-10-01 | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does no… |
| CVE-2019-17052 | linux | Low | 3.3 | 2019-10-01 | ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce… |
| CVE-2019-17056 | linux | Low | 3.3 | 2019-10-01 | llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce… |
| CVE-2019-17054 | linux | Low | 3.3 | 2019-10-01 | atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enfor… |