VYPR

apk package

chainguard/linux-aws-6.12-headers

pkg:apk/chainguard/linux-aws-6.12-headers

Vulnerabilities (95)

  • CVE-2022-2327HigJul 22, 2022
    affected < 0fixed 0

    io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a

  • CVE-2022-0286MedJan 31, 2022
    affected < 0fixed 0

    A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.

  • CVE-2021-3564MedJun 8, 2021
    affected < 0fixed 0

    A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.

  • CVE-2020-10742MedJun 2, 2021
    affected < 0fixed 0

    A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to dat

  • CVE-2008-2544MedMay 27, 2021
    affected < 0fixed 0

    Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

  • CVE-2020-27815HigMay 26, 2021
    affected < 0fixed 0

    A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, int

  • CVE-2020-25672HigMay 25, 2021
    affected < 0fixed 0

    A memory leak vulnerability was found in Linux kernel in llcp_sock_connect

  • CVE-2021-20265MedMar 10, 2021
    affected < 0fixed 0

    A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is

  • CVE-2021-20194HigFeb 23, 2021
    affected < 0fixed 0

    There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BP

  • CVE-2020-16119MedJan 14, 2021
    affected < 0fixed 0

    Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0

  • CVE-2020-1749HigSep 9, 2020
    affected < 0fixed 0

    A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending

  • CVE-2020-8834MedApr 9, 2020
    affected < 0fixed 0

    KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can caus

  • CVE-2019-3016MedJan 31, 2020
    affected < 0fixed 0

    In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly

  • CVE-2019-14899HigDec 11, 2019
    affected < 0fixed 0

    A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct

  • CVE-2019-3887MedApr 9, 2019
    affected < 0fixed 0

    A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw t

  • CVE-2019-3819MedJan 25, 2019
    affected < 0fixed 0

    A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Vers

  • CVE-2018-6559LowOct 26, 2018
    affected < 0fixed 0

    The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.

  • CVE-2018-14625MedSep 10, 2018
    affected < 0fixed 0

    A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak o

  • CVE-2018-10902HigAug 21, 2018
    affected < 0fixed 0

    It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a

  • CVE-2018-10882MedJul 27, 2018
    affected < 0fixed 0

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

Page 4 of 5