Kernel
by Linux
Source repositories
CVEs (15,869)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-33909 | Hig | 0.01 | 7.8 | 0.10 | Jul 20, 2021 | fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | ||
| CVE-2018-20961 | Cri | 0.01 | 9.8 | 0.06 | Aug 7, 2019 | In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2019-11683 | Cri | 0.01 | 9.8 | 0.07 | May 2, 2019 | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling… | ||
| CVE-2018-14633 | Hig | 0.01 | 7.0 | 0.09 | Sep 25, 2018 | A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes… | ||
| CVE-2018-12232 | Med | 0.01 | 5.9 | 0.07 | Jun 12, 2018 | In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference… | ||
| CVE-2015-4004 | 0.01 | — | 0.08 | Jun 7, 2015 | The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. | |||
| CVE-2014-2649 | 0.01 | — | 0.06 | Oct 10, 2014 | Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2010-2521 | 0.01 | — | 0.09 | Sep 7, 2010 | Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to… | |||
| CVE-2009-4538 | 0.01 | — | 0.08 | Jan 12, 2010 | drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. | |||
| CVE-2009-2846 | 0.01 | — | 0.08 | Aug 18, 2009 | The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes… | |||
| CVE-2008-1673 | 0.01 | — | 0.07 | Jun 10, 2008 | The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers… | |||
| CVE-2006-1857 | 0.01 | — | 0.07 | May 22, 2006 | Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk. | |||
| CVE-1999-0074 | 0.01 | — | 0.08 | Jul 1, 1997 | Listening TCP ports are sequentially allocated, allowing spoofing attacks. | |||
| CVE-2026-53365 | 0.00 | — | 0.00 | Jul 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix zerocopy completion for multi-skb sends When a large message is fragmented into multiple skbs, the zerocopy uarg is only allocated and attached to the last skb in the loop. Non-final skbs… | |||
| CVE-2026-53363 | 0.00 | — | 0.00 | Jul 10, 2026 | kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() | |||
| CVE-2026-53361 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 … | |||
| CVE-2026-53362 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as … | |||
| CVE-2026-53359 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and… | |||
| CVE-2026-53336 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: nvmem: layouts: onie-tlv: fix hang on unknown types | |||
| CVE-2026-53328 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task() |
- risk 0.01cvss 7.8epss 0.10
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
- risk 0.01cvss 9.8epss 0.06
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.01cvss 9.8epss 0.07
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling…
- risk 0.01cvss 7.0epss 0.09
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes…
- risk 0.01cvss 5.9epss 0.07
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference…
- CVE-2015-4004Jun 7, 2015risk 0.01cvss —epss 0.08
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
- CVE-2014-2649Oct 10, 2014risk 0.01cvss —epss 0.06
Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2010-2521Sep 7, 2010risk 0.01cvss —epss 0.09
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to…
- CVE-2009-4538Jan 12, 2010risk 0.01cvss —epss 0.08
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
- CVE-2009-2846Aug 18, 2009risk 0.01cvss —epss 0.08
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes…
- CVE-2008-1673Jun 10, 2008risk 0.01cvss —epss 0.07
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers…
- CVE-2006-1857May 22, 2006risk 0.01cvss —epss 0.07
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
- CVE-1999-0074Jul 1, 1997risk 0.01cvss —epss 0.08
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
- CVE-2026-53365Jul 14, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix zerocopy completion for multi-skb sends When a large message is fragmented into multiple skbs, the zerocopy uarg is only allocated and attached to the last skb in the loop. Non-final skbs…
- CVE-2026-53363Jul 10, 2026risk 0.00cvss —epss 0.00
kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags()
- CVE-2026-53361Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 …
- CVE-2026-53362Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as …
- CVE-2026-53359Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and…
- CVE-2026-53336Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: nvmem: layouts: onie-tlv: fix hang on unknown types
- CVE-2026-53328Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()
Page 596 of 794