Kernel
by Linux
Source repositories
CVEs (15,869)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0405 | 0.04 | — | 0.10 | Jul 2, 2001 | ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. | |||
| CVE-2000-0506 | 0.04 | — | 0.11 | Jun 9, 2000 | The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability." | |||
| CVE-1999-1018 | 0.04 | — | 0.07 | Jul 27, 1999 | IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets. | |||
| CVE-1999-0431 | 0.04 | — | 0.07 | Mar 1, 1999 | Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service. | |||
| CVE-1999-0414 | 0.04 | — | 0.07 | Mar 1, 1999 | In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. | |||
| CVE-2023-1998 | Med | 0.03 | 5.6 | 0.01 | Apr 21, 2023 | The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim… | ||
| CVE-2022-1043 | Hig | 0.03 | 8.8 | 0.04 | Aug 29, 2022 | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | ||
| CVE-2022-34918 | Hig | 0.03 | 7.8 | 0.06 | Jul 4, 2022 | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but… | ||
| CVE-2022-0995 | Hig | 0.03 | 7.8 | 0.06 | Mar 25, 2022 | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | ||
| CVE-2017-5123 | Hig | 0.03 | 8.8 | 0.04 | Nov 2, 2021 | Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. | ||
| CVE-2019-19241 | Hig | 0.03 | 7.8 | 0.01 | Dec 17, 2019 | In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding… | ||
| CVE-2019-11599 | Hig | 0.03 | 7.0 | 0.01 | Apr 29, 2019 | The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified… | ||
| CVE-2019-9213 | Med | 0.03 | 5.5 | 0.06 | Mar 5, 2019 | In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. | ||
| CVE-2019-9162 | Hig | 0.03 | 7.8 | 0.01 | Feb 25, 2019 | In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This… | ||
| CVE-2018-17182 | Hig | 0.03 | 7.8 | 0.03 | Sep 19, 2018 | An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and… | ||
| CVE-2018-12904 | Med | 0.03 | 4.9 | 0.01 | Jun 27, 2018 | In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. | ||
| CVE-2018-11508 | Med | 0.03 | 5.5 | 0.02 | May 28, 2018 | The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | ||
| CVE-2014-4322 | 0.03 | — | 0.02 | Dec 24, 2014 | drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to… | |||
| CVE-2013-0160 | 0.03 | — | 0.01 | Feb 18, 2013 | The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. | |||
| CVE-2011-1083 | 0.03 | — | 0.01 | Apr 4, 2011 | The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. |
- CVE-2001-0405Jul 2, 2001risk 0.04cvss —epss 0.10
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
- CVE-2000-0506Jun 9, 2000risk 0.04cvss —epss 0.11
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."
- CVE-1999-1018Jul 27, 1999risk 0.04cvss —epss 0.07
IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.
- CVE-1999-0431Mar 1, 1999risk 0.04cvss —epss 0.07
Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.
- CVE-1999-0414Mar 1, 1999risk 0.04cvss —epss 0.07
In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.
- risk 0.03cvss 5.6epss 0.01
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim…
- risk 0.03cvss 8.8epss 0.04
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
- risk 0.03cvss 7.8epss 0.06
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but…
- risk 0.03cvss 7.8epss 0.06
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
- risk 0.03cvss 8.8epss 0.04
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
- risk 0.03cvss 7.8epss 0.01
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding…
- risk 0.03cvss 7.0epss 0.01
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified…
- risk 0.03cvss 5.5epss 0.06
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
- risk 0.03cvss 7.8epss 0.01
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This…
- risk 0.03cvss 7.8epss 0.03
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and…
- risk 0.03cvss 4.9epss 0.01
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
- risk 0.03cvss 5.5epss 0.02
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
- CVE-2014-4322Dec 24, 2014risk 0.03cvss —epss 0.02
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to…
- CVE-2013-0160Feb 18, 2013risk 0.03cvss —epss 0.01
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
- CVE-2011-1083Apr 4, 2011risk 0.03cvss —epss 0.01
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Page 589 of 794