Vulnerabilities (CVE)

Filtered by vendor Linux Subscribe
Filtered by product Linux Kernel
Total 4762 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26334 3 Amd, Linux, Microsoft 3 Amd Uprof, Linux Kernel, Windows 2022-05-16 9.0 HIGH 9.9 CRITICAL
The AMDPowerProfiler.sys driver of AMD ?Prof tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
CVE-2021-28038 4 Debian, Linux, Netapp and 1 more 5 Debian Linux, Linux Kernel, Cloud Backup and 2 more 2022-05-16 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
CVE-2021-29647 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-05-16 2.1 LOW 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
CVE-2021-29650 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-05-16 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
CVE-2021-30002 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-05-16 2.1 LOW 6.2 MEDIUM
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
CVE-2021-3564 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-05-16 2.1 LOW 5.5 MEDIUM
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
CVE-2022-22454 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server On Cloud, Linux Kernel and 1 more 2022-05-16 7.2 HIGH 7.8 HIGH
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVE-2022-28390 1 Linux 1 Linux Kernel 2022-05-13 4.6 MEDIUM 7.8 HIGH
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-0998 1 Linux 1 Linux Kernel 2022-05-13 7.2 HIGH 7.8 HIGH
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-28388 1 Linux 1 Linux Kernel 2022-05-13 4.6 MEDIUM 7.8 HIGH
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2021-4202 1 Linux 1 Linux Kernel 2022-05-13 6.6 MEDIUM 7.0 HIGH
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.
CVE-2022-28389 1 Linux 1 Linux Kernel 2022-05-13 4.6 MEDIUM 7.8 HIGH
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2021-32399 3 Debian, Linux, Netapp 19 Debian Linux, Linux Kernel, Cloud Backup and 16 more 2022-05-13 4.4 MEDIUM 7.0 HIGH
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVE-2021-3501 4 Fedoraproject, Linux, Netapp and 1 more 27 Fedora, Linux Kernel, Cloud Backup and 24 more 2022-05-13 3.6 LOW 7.1 HIGH
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
CVE-2021-28950 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-05-13 2.1 LOW 5.5 MEDIUM
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.
CVE-2021-33200 3 Fedoraproject, Linux, Netapp 19 Fedora, Linux Kernel, Cloud Backup and 16 more 2022-05-13 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
CVE-2020-25669 3 Debian, Linux, Netapp 21 Debian Linux, Linux Kernel, Cloud Backup and 18 more 2022-05-13 7.2 HIGH 7.8 HIGH
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
CVE-2020-25668 3 Debian, Linux, Netapp 26 Debian Linux, Linux Kernel, 500f and 23 more 2022-05-13 6.9 MEDIUM 7.0 HIGH
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
CVE-2020-25670 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2022-05-13 7.2 HIGH 7.8 HIGH
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
CVE-2021-31440 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2022-05-13 6.9 MEDIUM 7.0 HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661.