VYPR

linux-kernel

by Linux

CVEs (36)

  • CVE-2022-0617MedFeb 16, 2022
    risk 0.00cvss 5.5epss 0.01

    A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.

  • CVE-2021-44879MedFeb 14, 2022
    risk 0.00cvss 5.5epss 0.01

    In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

  • CVE-2022-0487MedFeb 4, 2022
    risk 0.00cvss 5.5epss 0.00

    A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

  • CVE-2022-24448LowFeb 4, 2022
    risk 0.00cvss 3.3epss 0.00

    An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns…

  • CVE-2021-45486LowDec 25, 2021
    risk 0.00cvss 3.5epss 0.00

    In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

  • CVE-2021-45469HigDec 23, 2021
    risk 0.00cvss 7.8epss 0.01

    In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

  • CVE-2021-44733HigDec 22, 2021
    risk 0.00cvss 7.0epss 0.01

    A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

  • CVE-2021-45095MedDec 16, 2021
    risk 0.00cvss 5.5epss 0.00

    pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.

  • CVE-2021-42327MedOct 21, 2021
    risk 0.00cvss 6.7epss 0.01

    dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within…

  • CVE-2021-42252HigOct 11, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka…

  • CVE-2021-42008HigOct 5, 2021
    risk 0.00cvss 7.8epss 0.01

    The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.

  • CVE-2021-38300HigSep 20, 2021
    risk 0.00cvss 7.8epss 0.01

    arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of…

  • CVE-2021-38204MedAug 8, 2021
    risk 0.00cvss 6.8epss 0.00

    drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.

  • CVE-2021-38160HigAug 7, 2021
    risk 0.00cvss 7.8epss 0.00

    In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any…

  • CVE-2021-37576HigJul 26, 2021
    risk 0.00cvss 7.8epss 0.01

    arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

  • CVE-2021-37159MedJul 21, 2021
    risk 0.00cvss 6.4epss 0.00

    hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

Page 2 of 2