Kernel
by Linux
Source repositories
CVEs (15,869)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0185 | Hig | 0.14 | 8.4 | 0.25 | KEV | Feb 11, 2022 | A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs… | |
| CVE-2024-42155 | Low | 0.12 | 1.9 | 0.00 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all… | ||
| CVE-2023-0266 | Hig | 0.12 | 7.9 | 0.04 | KEV | Jan 30, 2023 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend… | |
| CVE-2021-22600 | Med | 0.12 | 6.6 | 0.06 | KEV | Jan 26, 2022 | A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 | |
| CVE-2003-0001 | 0.09 | — | 0.73 | Jan 17, 2003 | Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||
| CVE-1999-0513 | 0.09 | — | 0.70 | Jan 5, 1998 | ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. | |||
| CVE-1999-0128 | 0.09 | — | 0.74 | Dec 18, 1996 | Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. | |||
| CVE-2019-11478 | Med | 0.08 | 5.3 | 0.95 | Jun 19, 2019 | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been… | ||
| CVE-2019-11477 | Hig | 0.08 | 7.5 | 0.99 | Jun 19, 2019 | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel… | ||
| CVE-2015-8569 | Low | 0.08 | 2.3 | 0.00 | Dec 28, 2015 | The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted… | ||
| CVE-2015-7885 | Low | 0.08 | 2.3 | 0.00 | Dec 28, 2015 | The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | ||
| CVE-2015-7884 | Low | 0.08 | 2.3 | 0.00 | Dec 28, 2015 | The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | ||
| CVE-2019-11479 | Hig | 0.07 | 7.5 | 0.92 | Jun 19, 2019 | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been… | ||
| CVE-2023-0210 | Hig | 0.06 | 7.5 | 0.72 | Mar 27, 2023 | A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. | ||
| CVE-2018-5390 | Hig | 0.06 | 7.5 | 0.74 | Aug 6, 2018 | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | ||
| CVE-2022-47938 | Med | 0.05 | 6.5 | 0.58 | Dec 23, 2022 | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT. | ||
| CVE-2021-43267 | Cri | 0.05 | 9.8 | 0.58 | Nov 2, 2021 | An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. | ||
| CVE-2021-3490 | Hig | 0.05 | 7.8 | 0.27 | Jun 4, 2021 | The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit… | ||
| CVE-2010-1173 | 0.05 | — | 0.21 | May 7, 2010 | The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a… | |||
| CVE-2006-2444 | 0.05 | — | 0.21 | May 25, 2006 | The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees… |
- risk 0.14cvss 8.4epss 0.25
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs…
- risk 0.12cvss 1.9epss 0.00
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all…
- risk 0.12cvss 7.9epss 0.04
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend…
- risk 0.12cvss 6.6epss 0.06
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
- CVE-2003-0001Jan 17, 2003risk 0.09cvss —epss 0.73
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
- CVE-1999-0513Jan 5, 1998risk 0.09cvss —epss 0.70
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
- CVE-1999-0128Dec 18, 1996risk 0.09cvss —epss 0.74
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
- risk 0.08cvss 5.3epss 0.95
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been…
- risk 0.08cvss 7.5epss 0.99
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel…
- risk 0.08cvss 2.3epss 0.00
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted…
- risk 0.08cvss 2.3epss 0.00
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
- risk 0.08cvss 2.3epss 0.00
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
- risk 0.07cvss 7.5epss 0.92
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been…
- risk 0.06cvss 7.5epss 0.72
A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.
- risk 0.06cvss 7.5epss 0.74
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
- risk 0.05cvss 6.5epss 0.58
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.
- risk 0.05cvss 9.8epss 0.58
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
- risk 0.05cvss 7.8epss 0.27
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit…
- CVE-2010-1173May 7, 2010risk 0.05cvss —epss 0.21
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a…
- CVE-2006-2444May 25, 2006risk 0.05cvss —epss 0.21
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees…
Page 587 of 794