VYPR

Vendor CVEs

Linux

All CVEs

15,999 total · sorted by risk
  • CVE-2022-33303MedJun 6, 2023
    risk 0.36cvss 5.5epss 0.00

    Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.

  • CVE-2023-31082MedApr 24, 2023
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.

  • CVE-2023-31081MedApr 24, 2023
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).

  • CVE-2023-2166MedApr 19, 2023
    risk 0.36cvss 5.5epss 0.00

    A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.

  • CVE-2023-28328MedApr 19, 2023
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially…

  • CVE-2023-28327MedApr 19, 2023
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.

  • CVE-2023-2162MedApr 19, 2023
    risk 0.36cvss 5.5epss 0.00

    A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.

  • CVE-2023-1249MedMar 23, 2023
    risk 0.36cvss 5.5epss 0.00

    A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.

  • CVE-2022-3707MedMar 6, 2023
    risk 0.36cvss 5.5epss 0.00

    A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

  • CVE-2023-0597MedFeb 23, 2023
    risk 0.36cvss 5.5epss 0.00

    A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected…

  • CVE-2023-0615MedFeb 6, 2023
    risk 0.36cvss 5.5epss 0.00

    A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid…

  • CVE-2023-0469MedJan 26, 2023
    risk 0.36cvss 5.5epss 0.00

    A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.

  • CVE-2022-4842MedJan 12, 2023
    risk 0.36cvss 5.5epss 0.00

    A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system.

  • CVE-2022-4543MedJan 11, 2023
    risk 0.36cvss 5.5epss 0.01

    A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

  • CVE-2022-4662MedDec 22, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.

  • CVE-2022-42329MedDec 7, 2022
    risk 0.36cvss 5.5epss 0.00

    Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to…

  • CVE-2022-42328MedDec 7, 2022
    risk 0.36cvss 5.5epss 0.00

    Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to…

  • CVE-2022-4269MedDec 5, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol…

  • CVE-2022-4129MedNov 28, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

  • CVE-2022-3169MedSep 9, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.

  • CVE-2022-2905MedSep 9, 2022
    risk 0.36cvss 5.5epss 0.00

    An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.

  • CVE-2022-1204MedAug 29, 2022
    risk 0.36cvss 5.5epss 0.00

    A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

  • CVE-2022-1184MedAug 29, 2022
    risk 0.36cvss 5.5epss 0.00

    A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

  • CVE-2022-1016MedAug 29, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

  • CVE-2021-3669MedAug 26, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

  • CVE-2021-4218MedAug 24, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL.

  • CVE-2021-3759MedAug 23, 2022
    risk 0.36cvss 5.5epss 0.00

    A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The…

  • CVE-2022-2873MedAug 22, 2022
    risk 0.36cvss 5.5epss 0.00

    An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.

  • CVE-2011-4916MedJul 12, 2022
    risk 0.36cvss 5.5epss 0.00

    Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

  • CVE-2011-4917MedApr 18, 2022
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

  • CVE-2021-4150MedMar 23, 2022
    risk 0.36cvss 5.5epss 0.00

    A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a…

  • CVE-2021-4149MedMar 23, 2022
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.

  • CVE-2021-4148MedMar 23, 2022
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.

  • CVE-2021-4095MedMar 10, 2022
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a…

  • CVE-2021-4023MedMar 10, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with…

  • CVE-2021-3428MedMar 4, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a…

  • CVE-2021-20320MedFeb 18, 2022
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.

  • CVE-2022-0264MedFeb 4, 2022
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory…

  • CVE-2021-43056MedOct 28, 2021
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.

  • CVE-2021-3564MedJun 8, 2021
    risk 0.36cvss 5.5epss 0.00

    A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from…

  • CVE-2020-10774MedMay 27, 2021
    risk 0.36cvss 5.5epss 0.00

    A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this…

  • CVE-2008-2544MedMay 27, 2021
    risk 0.36cvss 5.5epss 0.00

    Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

  • CVE-2020-25673MedMay 26, 2021
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.

  • CVE-2020-27830MedMay 13, 2021
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.

  • CVE-2020-26147MedMay 11, 2021
    risk 0.36cvss 5.4epss 0.08

    An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends…

  • CVE-2020-28588MedMay 10, 2021
    risk 0.36cvss 5.5epss 0.01

    An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so…

  • CVE-2021-20219MedMar 23, 2021
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a…

  • CVE-2020-12364MedFeb 17, 2021
    risk 0.36cvss 5.5epss 0.00

    Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

  • CVE-2020-12363MedFeb 17, 2021
    risk 0.36cvss 5.5epss 0.00

    Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

  • CVE-2020-28941MedNov 19, 2020
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line…

Page 195 of 320