VYPR

Vendor CVEs

Linux

All CVEs

15,975 total · sorted by risk
  • CVE-2022-26490HigMar 6, 2022
    risk 0.00cvss 7.8epss 0.00

    st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

  • CVE-2021-3744MedMar 4, 2022
    risk 0.00cvss 5.5epss 0.01

    A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

  • CVE-2021-3743HigMar 4, 2022
    risk 0.00cvss 7.1epss 0.01

    An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest…

  • CVE-2021-3640HigMar 3, 2022
    risk 0.00cvss 7.0epss 0.00

    A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable…

  • CVE-2021-4002MedMar 3, 2022
    risk 0.00cvss 4.4epss 0.01

    A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized…

  • CVE-2021-3609HigMar 3, 2022
    risk 0.00cvss 7.0epss 0.00

    .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege…

  • CVE-2021-3772MedMar 2, 2022
    risk 0.00cvss 6.5epss 0.01

    A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

  • CVE-2021-3715HigMar 2, 2022
    risk 0.00cvss 7.8epss 0.00

    A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their…

  • CVE-2022-25636HigFeb 24, 2022
    risk 0.00cvss 7.8epss 0.03

    net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

  • CVE-2022-25375MedFeb 20, 2022
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

  • CVE-2022-25258MedFeb 16, 2022
    risk 0.00cvss 4.6epss 0.01

    An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory…

  • CVE-2021-3753MedFeb 16, 2022
    risk 0.00cvss 4.7epss 0.00

    A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data…

  • CVE-2022-0617MedFeb 16, 2022
    risk 0.00cvss 5.5epss 0.01

    A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.

  • CVE-2021-44879MedFeb 14, 2022
    risk 0.00cvss 5.5epss 0.01

    In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

  • CVE-2022-0382MedFeb 11, 2022
    risk 0.00cvss 5.5epss 0.00

    An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7…

  • CVE-2021-45402MedFeb 11, 2022
    risk 0.00cvss 5.5epss 0.00

    The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

  • CVE-2022-24959MedFeb 11, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.

  • CVE-2022-24958HigFeb 11, 2022
    risk 0.00cvss 7.8epss 0.00

    drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

  • CVE-2022-0487MedFeb 4, 2022
    risk 0.00cvss 5.5epss 0.00

    A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

  • CVE-2021-4154HigFeb 4, 2022
    risk 0.00cvss 8.8epss 0.01

    A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and…

  • CVE-2022-24448LowFeb 4, 2022
    risk 0.00cvss 3.3epss 0.00

    An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns…

  • CVE-2022-0286MedJan 31, 2022
    risk 0.00cvss 5.5epss 0.01

    A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.

  • CVE-2022-24122HigJan 29, 2022
    risk 0.00cvss 7.8epss 0.01

    kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.

  • CVE-2021-4032MedJan 21, 2022
    risk 0.00cvss 4.4epss 0.00

    A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which…

  • CVE-2021-4001MedJan 21, 2022
    risk 0.00cvss 4.1epss 0.00

    A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space.…

  • CVE-2021-4083HigJan 18, 2022
    risk 0.00cvss 7.0epss 0.00

    A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or…

  • CVE-2022-23222HigJan 14, 2022
    risk 0.00cvss 7.8epss 0.02

    kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

  • CVE-2021-46283MedJan 11, 2022
    risk 0.00cvss 5.5epss 0.00

    nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a…

  • CVE-2021-45486LowDec 25, 2021
    risk 0.00cvss 3.5epss 0.00

    In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

  • CVE-2021-45485HigDec 25, 2021
    risk 0.00cvss 7.5epss 0.04

    In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

  • CVE-2021-45480MedDec 24, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.

  • CVE-2021-45469HigDec 23, 2021
    risk 0.00cvss 7.8epss 0.01

    In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

  • CVE-2021-44733HigDec 22, 2021
    risk 0.00cvss 7.0epss 0.01

    A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

  • CVE-2021-45100HigDec 16, 2021
    risk 0.00cvss 7.5epss 0.01

    The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the…

  • CVE-2021-45095MedDec 16, 2021
    risk 0.00cvss 5.5epss 0.00

    pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.

  • CVE-2018-25020HigDec 8, 2021
    risk 0.00cvss 7.8epss 0.01

    The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and…

  • CVE-2021-43976MedNov 17, 2021
    risk 0.00cvss 4.6epss 0.01

    In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

  • CVE-2021-43975MedNov 17, 2021
    risk 0.00cvss 6.7epss 0.01

    In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.

  • CVE-2021-43389MedNov 4, 2021
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

  • CVE-2021-43057HigOct 28, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an…

  • CVE-2021-42327MedOct 21, 2021
    risk 0.00cvss 6.7epss 0.01

    dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within…

  • CVE-2021-42739MedOct 20, 2021
    risk 0.00cvss 6.7epss 0.00

    The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.

  • CVE-2021-42252HigOct 11, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka…

  • CVE-2021-42008HigOct 5, 2021
    risk 0.00cvss 7.8epss 0.01

    The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.

  • CVE-2021-41864HigOct 2, 2021
    risk 0.00cvss 7.8epss 0.00

    prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.

  • CVE-2021-38300HigSep 20, 2021
    risk 0.00cvss 7.8epss 0.01

    arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of…

  • CVE-2021-41073HigSep 19, 2021
    risk 0.00cvss 7.8epss 0.02

    loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation.

  • CVE-2021-40490HigSep 3, 2021
    risk 0.00cvss 7.0epss 0.00

    A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

  • CVE-2021-3573MedAug 13, 2021
    risk 0.00cvss 6.4epss 0.00

    A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(),…

  • CVE-2021-38209LowAug 8, 2021
    risk 0.00cvss 3.3epss 0.00

    net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS…

Page 289 of 320