- kernel-3.13.0-149.199 (ubuntu-trusty)
- 3.13.0-165.215
- 2019-09-18 14:30:58
- CVE CVE-2018-1068, CVSSv2 Score: 7.2
- Description:
netfilter: ebtables: CONFIG_COMPAT: don't trust userland
- Patch: 3.13.0/422969-netfilter-ebtables-CONFIG_COMPAT-don-t-trust-userl.patch
- From: kernel-3.13.0-150.200
- CVE CVE-2018-7492, CVSSv2 Score: 4.9
- Description:
rds: Fix NULL pointer dereference in __rds_rdma_map
- Patch: 3.13.0/422972-rds-Fix-NULL-pointer-dereference-in-__rds_rdma_map.patch
- From: kernel-3.13.0-150.200
- CVE CVE-2018-8781, CVSSv2 Score: 7.2
- Description:
drm: udl: Properly check framebuffer mmap offsets
- Patch: 3.13.0/422970-drm-udl-Properly-check-framebuffer-mmap-offsets.patch
- From: kernel-3.13.0-150.200
- CVE CVE-2017-15265, CVSSv2 Score: 7.0
- Description:
ALSA: seq: Fix use-after-free at creating a port
- Patch: 3.13.0/ALSA-seq-Fix-use-after-free-at-creating-a-port.patch
- From: >kernel-3.13.0-143.192
- CVE CVE-2017-12193, CVSSv2 Score: 5.5
- Description:
assoc_array: Fix a buggy node-splitting case
- Patch: 3.13.0/assoc_array-Fix-a-buggy-node-splitting-case.patch
- From: >kernel-3.13.0-143.192
- CVE CVE-2018-5390, CVSSv2 Score: 7.5
- Description:
tcp: avoid collapses in tcp_prune_queue() if possible
- Patch: 3.13.0/tcp-avoid-collapses-in-tcp_prune_queue-if-possible.patch
- From: kernel-3.13.0-155.205
- CVE CVE-2018-5390, CVSSv2 Score: 7.5
- Description:
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
- Patch: 3.13.0/tcp-detect-malicious-patterns-in-tcp_collapse_ofo_.patch
- From: kernel-3.13.0-155.205
- CVE , CVSSv2 Score:
- Description:
- Patch: 3.13.0/423132-Fix-up-non-directory-creation-in-SGID-directories.patch
- From:
- CVE , CVSSv2 Score:
- Description:
- Patch: 3.13.0/423133-xfs-don-t-call-xfs_da_shrink_inode-with-NULL-bp.patch
- From:
- CVE CVE-2018-5391, CVSSv2 Score: 7.5
- Description:
Revert "net: increase fragment memory usage limits"
- Patch: 3.13.0/423195-Revert-net-increase-fragment-memory-usage-limits.patch
- From: kernel-3.13.0-155.205
- CVE CVE-2018-5391, CVSSv2 Score: 7.5
- Description:
Revert "net: increase fragment memory usage limits" (kpatch adaptation)
- Patch: 3.13.0/423195-Revert-net-increase-fragment-memory-usage-limits-kpatch-1.patch
- From: kernel-3.13.0-155.205
- CVE CVE-2017-15649, CVSSv2 Score: 7.8
- Description:
packet: race condition in packet_bind
- Patch: 3.13.0/packet-race-condition-in-packet_bind.patch
- From: >kernel-3.13.0-143.192
- CVE CVE-2017-15649, CVSSv2 Score: 7.8
- Description:
packet: hold bind lock when rebinding to fanout hook
- Patch: 3.13.0/packet-hold-bind-lock-when-rebinding-to-fanout-hook.patch
- From: >kernel-3.13.0-143.192
- CVE CVE-2017-15649, CVSSv2 Score: 7.8
- Description:
packet: in packet_do_bind, test fanout with bind_lock held
- Patch: 3.13.0/packet-in-packet_do_bind-test-fanout-with-bind_lock-.patch
- From: >kernel-3.13.0-143.192
- CVE CVE-2017-16643, CVSSv2 Score: 6.6
- Description:
Input: gtco - fix potential out-of-bound access
- Patch: 3.13.0/Input-gtco-fix-potential-out-of-bound-access.patch
- From: >kernel-3.13.0-143.192
- CVE CVE-2018-14634, CVSSv2 Score: 7.8
- Description:
privilege escalation
- Patch: 3.13.0/CVE-2018-14634-exec-Limit-arg-stack.patch
- From: kernel-3.13.0
- CVE CVE-2018-7566, CVSSv2 Score: 6.1
- Description:
ALSA: seq: Fix racy pool initializations
- Patch: 3.13.0/CVE-2018-7566-alsa-fix-racy-pool-initialization.patch
- From: kernel-3.13.0-161.211
- CVE CVE-2018-7566, CVSSv2 Score: 6.1
- Description:
ALSA: seq: Don't allow resizing pool in use
- Patch: 3.13.0/CVE-2018-7566-alsa-seq-don-t-allow-resizing-pool-in-use.patch
- From: kernel-3.13.0-161.211
- CVE CVE-2018-7566, CVSSv2 Score: 6.1
- Description:
ALSA: seq: More protection for concurrent write and ioctl races
- Patch: 3.13.0/CVE-2018-7566-alsa-seq-more-protection-for-concurrent-write-and-io.patch
- From: kernel-3.13.0-161.211
- CVE CVE-2018-10880, CVSSv2 Score: 7.1
- Description:
ext4: never move the system.data xattr out of the inode body
- Patch: 4.4.0/CVE-2018-10880.patch
- From: =< kernel-4.4.0-138.164~14.04.1
- CVE CVE-2018-13053, CVSSv2 Score: 2.1
- Description:
alarmtimer: Prevent overflow for relative nanosleep
- Patch: 4.4.0/CVE-2018-13053.patch
- From: =< kernel-4.4.0-138.164~14.04.1
- CVE CVE-2018-13096, CVSSv2 Score: 2.9
- Description:
fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
- Patch: 3.13.0/CVE-2018-13096_fix_to_do_sanity_check_with_sit_nat_ver_bitmap_bytesize.patch
- From: =< kernel-3.13.0-162.212
- CVE CVE-2018-14609, CVSSv2 Score: 7.1
- Description:
btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
- Patch: 4.4.0/CVE-2018-14609.patch
- From: =< kernel-4.4.0-138.164~14.04.1
- CVE CVE-2018-14617, CVSSv2 Score: 7.1
- Description:
hfsplus: fix NULL dereference in hfsplus_lookup()
- Patch: 3.13.0/CVE-2018-14617_hfsplus_fix_NULL_dereference_in_hfsplus_lookup.patch
- From: =< kernel-3.13.0-162.212
- CVE CVE-2018-1066, CVSSv2 Score: 6.5
- Description:
cifs: empty TargetInfo leads to crash on recovery
- Patch: 3.13.0/423359-cifs-empty-TargetInfo-leads-to-crash-on-recovery.patch
- From: 3.13.0-165.215
- CVE CVE-2018-9568, CVSSv2 Score: 7.8
- Description:
net: Set sk_prot_creator when cloning sockets to the right proto
- Patch: 3.13.0/423360-net-Set-sk_prot_creator-when-cloning-sockets-to-th.patch
- From: 3.13.0-165.215
- CVE CVE-2018-18281, CVSSv2 Score: 7.8
- Description:
mremap: properly flush TLB before releasing the page
- Patch: 3.13.0/423362-mremap-properly-flush-TLB-before-releasing-the-pag.patch
- From: 3.13.0-165.215
- CVE CVE-2018-17972, CVSSv2 Score: 5.5
- Description:
proc: restrict kernel stack dumps to root
- Patch: 3.13.0/CVE-2018-17972_proc_restrict_kernel_stack_dumps_to_root.patch
- From: 3.13.0-165.215
- CVE CVE-2017-1000410, CVSSv2 Score: 7.5
- Description:
Bluetooth: Prevent stack info leak from the EFS element.
- Patch: 3.13.0/Bluetooth-Prevent-stack-info-leak-from-the-EFS-eleme.patch
- From: >kernel-3.13.0-143.192
- CVE CVE-2018-7566, CVSSv2 Score: 6.1
- Description:
ALSA: seq: Fix racy pool initializations (kpatch adaptation)
- Patch: 3.13.0/CVE-2018-7566-alsa-fix-racy-pool-initialization-kpatch-1.patch
- From: kernel-3.13.0-161.211
- CVE , CVSSv2 Score:
- Description:
- Patch: 3.13.0/mds-trusty.patch
- From:
- CVE , CVSSv2 Score:
- Description:
- Patch: 3.13.0/mds-trusty-entry-156.patch
- From:
- CVE , CVSSv2 Score:
- Description:
- Patch: 3.13.0/mds-trusty-vmx-153.patch
- From:
- CVE , CVSSv2 Score:
- Description:
- Patch: 3.13.0/kpatch_map_kaiser.patch
- From:
- CVE CVE-2019-11477, CVSSv2 Score:
- Description:
UBUNTU: SAUCE: tcp: limit payload size of sacked skbs
- Patch: 3.13.0/CVE-2019-11477-tcp-limit-payload-size-of-sacked-skbs.patch
- From:
- CVE CVE-2019-11478, CVSSv2 Score:
- Description:
UBUNTU: SAUCE: tcp: tcp_fragment() should apply sane memory limits
- Patch: 3.13.0/CVE-2019-11478-tcp-tcp_fragment-should-apply-sane-memory-limits.patch
- From:
- CVE CVE-2019-11479, CVSSv2 Score:
- Description:
tcp: add tcp_min_snd_mss sysctl
- Patch: 3.13.0/CVE-2019-11479-tcp-add-tcp_min_snd_mss-sysctl-kpatch.patch
- From:
- CVE CVE-2019-11479, CVSSv2 Score:
- Description:
tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
- Patch: 3.13.0/CVE-2019-11479-tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing.patch
- From:
- CVE CVE-2019-11190, CVSSv2 Score: 4.7
- Description:
binfmt_elf: switch to new creds when switching to new mm
- Patch: 3.10.0/CVE-2019-11190.patch
- From: >4.8
- CVE CVE-2017-18360, CVSSv2 Score: 5.5
- Description:
USB: serial: io_ti: fix div-by-zero in set_termios
- Patch: 3.13.0/CVE-2017-18360-usb-serial-io_ti-fix-div-by-zero-in-set_termios.patch
- From: kernel-4.4.0-168.218
- CVE CVE-2018-19824, CVSSv2 Score: 7.8
- Description:
ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
- Patch: 3.13.0/CVE-2018-19824-ALSA_usb-audio_fix_UAF_decrement_if_card_has_no_live_interfaces_in_card_c.patch
- From: kernel-4.4.0-168.218
- CVE CVE-2019-3459, CVSSv2 Score: 5.3
- Description:
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
- Patch: 3.13.0/CVE-2019-3459-bluetooth-verify-that-l2cap_get_conf_opt-provides-large-enough-buffer.patch
- From: kernel-4.4.0-168.218
- CVE CVE-2019-3436, CVSSv2 Score: 5.3
- Description:
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
- Patch: 3.13.0/CVE-2019-3460-bluetooth-check-L2CAP-option-sizes-returned-from-l2cap_get_conf_opt.patch
- From: kernel-4.4.0-168.218
- CVE CVE-2019-6974, CVSSv2 Score: 8.1
- Description:
kvm: fix kvm_ioctl_create_device() reference counting
- Patch: 3.13.0/CVE-2019-6974-kvm-fix-kvm_ioctl_create_device-reference-counting.patch
- From: kernel-4.4.0-168.218
- CVE CVE-2019-7222, CVSSv2 Score: 5.5
- Description:
KVM: x86: work around leak of uninitialized stack contents
- Patch: 3.13.0/CVE-2019-7222-KVM-x86-work-around-leak-of-uninitialized-stack-contents.patch
- From: kernel-4.4.0-168.218
- CVE CVE-2019-9213, CVSSv2 Score: 5.5
- Description:
mm: enforce min addr even if capable() in expand_downwards()
- Patch: 3.13.0/CVE-2019-9213-mm-enforce-min-addr-even-if-capable-in-expand_downwards.patch
- From: kernel-4.4.0-168.218
- CVE CVE-2019-3901, CVSSv2 Score: 1.9
- Description:
perf/core: Fix perf_event_open() vs. execve() race
- Patch: 3.13.0/CVE-2019-3901-perf-core-Fix-perf_event_open-vs.-execve-race.patch
- From: kernel-4.4.28.47
- CVE CVE-2019-14835, CVSSv2 Score: 7.2
- Description:
kvm: fix vhost_net log overflow
- Patch: 3.13.0/kvm-vhost_net-log-overflow.patch
- From: 3.13.0-165.215+
- CVE , CVSSv2 Score:
- Description:
Restrict access to pagemap/kpageflags/kpagecount
- Patch: 3.10.0/proc-restrict-pagemap-access.patch
- From:
- CVE , CVSSv2 Score:
- Description:
- Patch: 3.13.0/kpatch-add-paravirt-asm-definitions.patch
- From:
- CVE , CVSSv2 Score:
- Description:
- Patch: 3.13.0/x86-kvm-vmx_vcpu_run-wrapper-153.patch
- From: