VYPR

Linux Kernel

by Ubuntu

Source repositories

CVEs (1,105)

  • CVE-2023-52438Feb 20, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc->vma pointer isn't safe as it can race with munmap(). As of commit…

  • CVE-2023-52436Feb 20, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.

  • CVE-2024-25741Feb 12, 2024
    risk 0.00cvss epss 0.00

    printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.

  • CVE-2024-25740Feb 12, 2024
    risk 0.00cvss epss 0.00

    A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.

  • CVE-2023-52429Feb 12, 2024
    risk 0.00cvss epss 0.00

    dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.

  • CVE-2024-1151Feb 11, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack…

  • CVE-2024-22705HigJan 23, 2024
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.

  • CVE-2023-7192MedJan 2, 2024
    risk 0.00cvss 5.5epss 0.00

    A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

  • CVE-2023-2612MedMay 31, 2023
    risk 0.00cvss 4.4epss 0.00

    Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).

  • CVE-2020-36691MedMar 24, 2023
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.

  • CVE-2023-26607HigFeb 26, 2023
    risk 0.00cvss 7.1epss 0.01

    In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.

  • CVE-2023-26606HigFeb 26, 2023
    risk 0.00cvss 7.8epss 0.00

    In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.

  • CVE-2023-26605HigFeb 26, 2023
    risk 0.00cvss 7.8epss 0.00

    In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.

  • CVE-2020-27784MedSep 1, 2022
    risk 0.00cvss 5.5epss 0.00

    A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().

  • CVE-2021-3764MedAug 23, 2022
    risk 0.00cvss 5.5epss 0.00

    A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.

  • CVE-2021-3659MedAug 22, 2022
    risk 0.00cvss 5.5epss 0.00

    A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system…

  • CVE-2020-36557MedJul 21, 2022
    risk 0.00cvss 5.1epss 0.00

    A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.

  • CVE-2021-33655MedJul 18, 2022
    risk 0.00cvss 6.7epss 0.00

    When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.

  • CVE-2022-33981LowJun 18, 2022
    risk 0.00cvss 3.3epss 0.01

    drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

  • CVE-2022-32296LowJun 5, 2022
    risk 0.00cvss 3.3epss 0.00

    The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.

Page 40 of 56