Linux Kernel
by Ubuntu
Source repositories
CVEs (1,105)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52438 | 0.00 | — | 0.00 | Feb 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc->vma pointer isn't safe as it can race with munmap(). As of commit… | |||
| CVE-2023-52436 | 0.00 | — | 0.00 | Feb 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed. | |||
| CVE-2024-25741 | 0.00 | — | 0.00 | Feb 12, 2024 | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | |||
| CVE-2024-25740 | 0.00 | — | 0.00 | Feb 12, 2024 | A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. | |||
| CVE-2023-52429 | 0.00 | — | 0.00 | Feb 12, 2024 | dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. | |||
| CVE-2024-1151 | 0.00 | — | 0.00 | Feb 11, 2024 | A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack… | |||
| CVE-2024-22705 | Hig | 0.00 | 7.8 | 0.00 | Jan 23, 2024 | An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. | ||
| CVE-2023-7192 | Med | 0.00 | 5.5 | 0.00 | Jan 2, 2024 | A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow. | ||
| CVE-2023-2612 | Med | 0.00 | 4.4 | 0.00 | May 31, 2023 | Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). | ||
| CVE-2020-36691 | Med | 0.00 | 5.5 | 0.00 | Mar 24, 2023 | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | ||
| CVE-2023-26607 | Hig | 0.00 | 7.1 | 0.01 | Feb 26, 2023 | In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. | ||
| CVE-2023-26606 | Hig | 0.00 | 7.8 | 0.00 | Feb 26, 2023 | In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. | ||
| CVE-2023-26605 | Hig | 0.00 | 7.8 | 0.00 | Feb 26, 2023 | In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. | ||
| CVE-2020-27784 | Med | 0.00 | 5.5 | 0.00 | Sep 1, 2022 | A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). | ||
| CVE-2021-3764 | Med | 0.00 | 5.5 | 0.00 | Aug 23, 2022 | A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-3659 | Med | 0.00 | 5.5 | 0.00 | Aug 22, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system… | ||
| CVE-2020-36557 | Med | 0.00 | 5.1 | 0.00 | Jul 21, 2022 | A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | ||
| CVE-2021-33655 | Med | 0.00 | 6.7 | 0.00 | Jul 18, 2022 | When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. | ||
| CVE-2022-33981 | Low | 0.00 | 3.3 | 0.01 | Jun 18, 2022 | drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | ||
| CVE-2022-32296 | Low | 0.00 | 3.3 | 0.00 | Jun 5, 2022 | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. |
- CVE-2023-52438Feb 20, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc->vma pointer isn't safe as it can race with munmap(). As of commit…
- CVE-2023-52436Feb 20, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.
- CVE-2024-25741Feb 12, 2024risk 0.00cvss —epss 0.00
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
- CVE-2024-25740Feb 12, 2024risk 0.00cvss —epss 0.00
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
- CVE-2023-52429Feb 12, 2024risk 0.00cvss —epss 0.00
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.
- CVE-2024-1151Feb 11, 2024risk 0.00cvss —epss 0.00
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack…
- risk 0.00cvss 7.8epss 0.00
An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.
- risk 0.00cvss 5.5epss 0.00
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.
- risk 0.00cvss 4.4epss 0.00
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).
- risk 0.00cvss 5.5epss 0.00
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
- risk 0.00cvss 7.1epss 0.01
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
- risk 0.00cvss 7.8epss 0.00
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.
- risk 0.00cvss 7.8epss 0.00
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.
- risk 0.00cvss 5.5epss 0.00
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().
- risk 0.00cvss 5.5epss 0.00
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
- risk 0.00cvss 5.5epss 0.00
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system…
- risk 0.00cvss 5.1epss 0.00
A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.
- risk 0.00cvss 6.7epss 0.00
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
- risk 0.00cvss 3.3epss 0.01
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
- risk 0.00cvss 3.3epss 0.00
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
Page 40 of 56