VYPR

Kernel

by Linux

Source repositories

CVEs (15,817)

  • CVE-2023-23586MedFeb 17, 2023
    risk 0.00cvss 5.5epss 0.00

    Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker…

  • CVE-2023-25012MedFeb 2, 2023
    risk 0.00cvss 4.6epss 0.01

    The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

  • CVE-2023-0240HigJan 30, 2023
    risk 0.00cvss 7.8epss 0.00

    There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this…

  • CVE-2023-0394MedJan 26, 2023
    risk 0.00cvss 5.5epss 0.01

    A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.

  • CVE-2023-0122HigJan 17, 2023
    risk 0.00cvss 7.5epss 0.01

    A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.

  • CVE-2022-47929MedJan 17, 2023
    risk 0.00cvss 5.5epss 0.01

    In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This…

  • CVE-2022-41858HigJan 17, 2023
    risk 0.00cvss 7.1epss 0.00

    A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.

  • CVE-2023-23559HigJan 13, 2023
    risk 0.00cvss 7.8epss 0.00

    In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

  • CVE-2022-3977HigJan 12, 2023
    risk 0.00cvss 7.8epss 0.00

    A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate…

  • CVE-2022-3628MedJan 12, 2023
    risk 0.00cvss 6.6epss 0.01

    A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.

  • CVE-2023-23455MedJan 12, 2023
    risk 0.00cvss 5.5epss 0.00

    atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

  • CVE-2023-23454MedJan 12, 2023
    risk 0.00cvss 5.5epss 0.00

    cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

  • CVE-2022-4696HigJan 11, 2023
    risk 0.00cvss 7.8epss 0.00

    There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not…

  • CVE-2022-2196MedJan 9, 2023
    risk 0.00cvss 5.8epss 0.00

    A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An…

  • CVE-2022-47946MedDec 23, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a…

  • CVE-2022-47943HigDec 23, 2022
    risk 0.00cvss 8.1epss 0.04

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.

  • CVE-2022-47942HigDec 23, 2022
    risk 0.00cvss 8.8epss 0.04

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.

  • CVE-2022-47941HigDec 23, 2022
    risk 0.00cvss 7.5epss 0.05

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.

  • CVE-2022-47940HigDec 23, 2022
    risk 0.00cvss 8.1epss 0.01

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.

  • CVE-2022-47521HigDec 18, 2022
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel…

Page 705 of 791