VYPR

Vendor CVEs

Linux

All CVEs

15,975 total · sorted by risk
  • CVE-2021-30002MedApr 2, 2021
    risk 0.00cvss 6.2epss 0.00

    An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.

  • CVE-2021-29650MedMar 30, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value,…

  • CVE-2021-29649MedMar 30, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.

  • CVE-2021-29648MedMar 30, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt…

  • CVE-2021-29647MedMar 30, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.

  • CVE-2021-29646MedMar 30, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.

  • CVE-2021-29266HigMar 26, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.

  • CVE-2021-29265MedMar 26, 2021
    risk 0.00cvss 4.7epss 0.00

    An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka…

  • CVE-2021-29264MedMar 26, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when…

  • CVE-2020-35508MedMar 26, 2021
    risk 0.00cvss 4.5epss 0.00

    A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a…

  • CVE-2021-3444HigMar 23, 2021
    risk 0.00cvss 7.8epss 0.01

    The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information…

  • CVE-2021-28972MedMar 22, 2021
    risk 0.00cvss 6.7epss 0.01

    In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This…

  • CVE-2021-28971MedMar 22, 2021
    risk 0.00cvss 5.5epss 0.00

    In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.

  • CVE-2021-28964MedMar 22, 2021
    risk 0.00cvss 4.7epss 0.00

    A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.

  • CVE-2020-27171MedMar 20, 2021
    risk 0.00cvss 6.0epss 0.01

    An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain…

  • CVE-2020-27170MedMar 20, 2021
    risk 0.00cvss 4.7epss 0.01

    An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka…

  • CVE-2021-28952HigMar 20, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)

  • CVE-2021-28951MedMar 20, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka…

  • CVE-2021-28950MedMar 20, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

  • CVE-2021-28660HigMar 17, 2021
    risk 0.00cvss 8.8epss 0.01

    rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work);…

  • CVE-2021-27365HigMar 7, 2021
    risk 0.00cvss 7.8epss 0.02

    An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up…

  • CVE-2021-27364HigMar 7, 2021
    risk 0.00cvss 7.1epss 0.01

    An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.

  • CVE-2021-27363MedMar 7, 2021
    risk 0.00cvss 4.4epss 0.01

    An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via…

  • CVE-2021-28039MedMar 5, 2021
    risk 0.00cvss 6.5epss 0.00

    An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a…

  • CVE-2021-28038MedMar 5, 2021
    risk 0.00cvss 6.5epss 0.01

    An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of…

  • CVE-2021-26932MedFeb 17, 2021
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the…

  • CVE-2021-26931MedFeb 17, 2021
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory…

  • CVE-2021-26930HigFeb 17, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be…

  • CVE-2021-26708HigFeb 5, 2021
    risk 0.00cvss 7.0epss 0.02

    A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK…

  • CVE-2021-3348HigFeb 1, 2021
    risk 0.00cvss 7.0epss 0.00

    nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.

  • CVE-2020-16119MedJan 14, 2021
    risk 0.00cvss 6.3epss 0.00

    Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224,…

  • CVE-2020-27777MedDec 15, 2020
    risk 0.00cvss 6.7epss 0.01

    A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further…

  • CVE-2020-27786HigDec 11, 2020
    risk 0.00cvss 7.8epss 0.02

    A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of…

  • CVE-2020-29661HigDec 9, 2020
    risk 0.00cvss 7.8epss 0.01

    A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

  • CVE-2020-29660MedDec 9, 2020
    risk 0.00cvss 4.4epss 0.00

    A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

  • CVE-2020-29534HigDec 3, 2020
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.

  • CVE-2020-14381HigDec 3, 2020
    risk 0.00cvss 7.8epss 0.01

    A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to…

  • CVE-2020-25704MedDec 2, 2020
    risk 0.00cvss 5.5epss 0.00

    A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

  • CVE-2020-29374LowNov 28, 2020
    risk 0.00cvss 3.6epss 0.00

    An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended…

  • CVE-2020-29373MedNov 28, 2020
    risk 0.00cvss 6.5epss 0.01

    An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.

  • CVE-2020-29371LowNov 28, 2020
    risk 0.00cvss 3.3epss 0.01

    An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.

  • CVE-2020-29370HigNov 28, 2020
    risk 0.00cvss 7.0epss 0.01

    An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.

  • CVE-2020-29369HigNov 28, 2020
    risk 0.00cvss 7.0epss 0.00

    An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.

  • CVE-2020-29368HigNov 28, 2020
    risk 0.00cvss 7.0epss 0.00

    An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.

  • CVE-2019-20934MedNov 28, 2020
    risk 0.00cvss 5.3epss 0.00

    An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.

  • CVE-2020-28974MedNov 20, 2020
    risk 0.00cvss 5.0epss 0.01

    A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations…

  • CVE-2020-28915MedNov 18, 2020
    risk 0.00cvss 5.8epss 0.00

    A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.

  • CVE-2020-27152MedNov 6, 2020
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9.

  • CVE-2020-27675MedOct 22, 2020
    risk 0.00cvss 4.7epss 0.00

    An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as…

  • CVE-2020-27673MedOct 22, 2020
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.

Page 291 of 320