Kernel
by Red Hat
CVEs (140)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-39736 | 0.00 | — | 0.00 | Mar 16, 2022 | In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for… | |||
| CVE-2021-39732 | 0.00 | — | 0.00 | Mar 16, 2022 | In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2021-39727 | 0.00 | — | 0.00 | Mar 16, 2022 | In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for… | |||
| CVE-2021-39725 | 0.00 | — | 0.00 | Mar 16, 2022 | In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2021-39714 | 0.00 | — | 0.00 | Mar 16, 2022 | In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | |||
| CVE-2021-39713 | 0.00 | — | 0.00 | Mar 16, 2022 | Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel | |||
| CVE-2021-39711 | 0.00 | — | 0.00 | Mar 16, 2022 | In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | |||
| CVE-2021-39681 | 0.00 | — | 0.00 | Jan 14, 2022 | In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | |||
| CVE-2021-39680 | 0.00 | — | 0.00 | Jan 14, 2022 | In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2021-39647 | 0.00 | — | 0.00 | Dec 15, 2021 | In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for… | |||
| CVE-2021-39642 | 0.00 | — | 0.00 | Dec 15, 2021 | In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2021-1046 | 0.00 | — | 0.00 | Dec 15, 2021 | In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2021-39638 | 0.00 | — | 0.00 | Dec 15, 2021 | In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2021-39656 | 0.00 | — | 0.00 | Dec 15, 2021 | In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2021-39650 | 0.00 | — | 0.00 | Dec 15, 2021 | In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:… | |||
| CVE-2021-39649 | 0.00 | — | 0.00 | Dec 15, 2021 | In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | |||
| CVE-2021-39648 | 0.00 | — | 0.00 | Dec 15, 2021 | In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2021-39640 | 0.00 | — | 0.00 | Dec 15, 2021 | In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2021-0961 | 0.00 | — | 0.00 | Dec 15, 2021 | In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | |||
| CVE-2021-1044 | 0.00 | — | 0.00 | Dec 15, 2021 | In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… |
- CVE-2021-39736Mar 16, 2022risk 0.00cvss —epss 0.00
In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for…
- CVE-2021-39732Mar 16, 2022risk 0.00cvss —epss 0.00
In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2021-39727Mar 16, 2022risk 0.00cvss —epss 0.00
In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for…
- CVE-2021-39725Mar 16, 2022risk 0.00cvss —epss 0.00
In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2021-39714Mar 16, 2022risk 0.00cvss —epss 0.00
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- CVE-2021-39713Mar 16, 2022risk 0.00cvss —epss 0.00
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
- CVE-2021-39711Mar 16, 2022risk 0.00cvss —epss 0.00
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- CVE-2021-39681Jan 14, 2022risk 0.00cvss —epss 0.00
In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- CVE-2021-39680Jan 14, 2022risk 0.00cvss —epss 0.00
In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2021-39647Dec 15, 2021risk 0.00cvss —epss 0.00
In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for…
- CVE-2021-39642Dec 15, 2021risk 0.00cvss —epss 0.00
In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2021-1046Dec 15, 2021risk 0.00cvss —epss 0.00
In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2021-39638Dec 15, 2021risk 0.00cvss —epss 0.00
In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2021-39656Dec 15, 2021risk 0.00cvss —epss 0.00
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2021-39650Dec 15, 2021risk 0.00cvss —epss 0.00
In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…
- CVE-2021-39649Dec 15, 2021risk 0.00cvss —epss 0.00
In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- CVE-2021-39648Dec 15, 2021risk 0.00cvss —epss 0.00
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2021-39640Dec 15, 2021risk 0.00cvss —epss 0.00
In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2021-0961Dec 15, 2021risk 0.00cvss —epss 0.00
In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- CVE-2021-1044Dec 15, 2021risk 0.00cvss —epss 0.00
In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
Page 4 of 7