Linux

All CVEs

15,612 total · sorted by risk
  • CVE-2017-16939 · High · Nov 24, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink…

  • CVE-2017-15649 · High · Oct 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.01

    net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a…

  • CVE-2017-11176 · High · Jul 11, 2017
    risk 0.54 · cvss 7.8 · epss 0.04

    The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2017-1000379 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.

  • CVE-2017-1000371 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above…

  • CVE-2017-1000370 · High · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the…

  • CVE-2016-10277 · High · May 12, 2017
    risk 0.54 · cvss 7.8 · epss 0.09

    An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2017-6074 · High · Feb 18, 2017
    risk 0.54 · cvss 7.8 · epss 0.06

    The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application…

  • CVE-2017-5972 · High · Feb 14, 2017
    risk 0.54 · cvss 7.5 · epss 0.24

    The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an…

  • CVE-2016-9793 · High · Dec 28, 2016
    risk 0.54 · cvss 7.8 · epss 0.02

    The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by…

  • CVE-2016-6187 · High · Aug 6, 2016
    risk 0.54 · cvss 7.8 · epss 0.02

    The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.

  • CVE-2016-4997 · High · Jul 3, 2016
    risk 0.54 · cvss 7.8 · epss 0.06

    The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a…

  • CVE-2015-0569 · High · May 9, 2016
    risk 0.54 · cvss 7.8 · epss 0.06

    Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows…

  • CVE-2016-2854 · High · May 2, 2016
    risk 0.54 · cvss 7.8 · epss 0.01

    The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

  • CVE-2016-2853 · High · May 2, 2016
    risk 0.54 · cvss 7.8 · epss 0.01

    The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

  • CVE-2016-3672 · High · Apr 27, 2016
    risk 0.54 · cvss 7.8 · epss 0.01

    The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection…

  • CVE-2016-3135 · High · Apr 27, 2016
    risk 0.54 · cvss 7.8 · epss 0.01

    Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

  • CVE-2010-3081 · High · Sep 24, 2010
    risk 0.54 · cvss 7.8 · epss 0.04

    The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging…

  • CVE-2009-2698 · High · Aug 27, 2009
    risk 0.54 · cvss 7.8 · epss 0.07

    The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE…

  • CVE-2026-46316 · Critical · Jun 9, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each…

  • CVE-2023-39191 · High · Oct 4, 2023
    risk 0.53 · cvss 8.2 · epss 0.01

    An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to…

  • CVE-2023-32258 · High · Jul 24, 2023
    risk 0.53 · cvss 8.1 · epss 0.03

    A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker…

  • CVE-2023-32257 · High · Jul 24, 2023
    risk 0.53 · cvss 8.1 · epss 0.02

    A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An…

  • CVE-2021-37571 · High · Dec 26, 2021
    risk 0.53 · cvss 8.2 · epss 0.01

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).

  • CVE-2021-37567 · High · Dec 26, 2021
    risk 0.53 · cvss 8.2 · epss 0.01

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).

  • CVE-2021-37564 · High · Dec 26, 2021
    risk 0.53 · cvss 8.2 · epss 0.01

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).

  • CVE-2021-32467 · High · Dec 26, 2021
    risk 0.53 · cvss 8.2 · epss 0.01

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0;…

  • CVE-2019-19770 · High · Dec 12, 2019
    risk 0.53 · cvss 8.2 · epss 0.02

    In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE:…

  • CVE-2018-18559 · High · Oct 22, 2018
    risk 0.53 · cvss 8.1 · epss 0.03

    In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code…

  • CVE-2016-3707 · High · Jun 27, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands…

  • CVE-2011-3188 · Critical · May 24, 2012
    risk 0.53 · cvss 9.1 · epss 0.06

    The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network…

  • CVE-2011-2189 · High · Oct 10, 2011
    risk 0.53 · cvss 7.5 · epss 0.18

    net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires…

  • CVE-2004-0816 · High · Dec 23, 2004
    risk 0.53 · cvss 7.5 · epss 0.12

    Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet.

  • CVE-2026-46266 · Critical · Jun 3, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO_RAW (255) was dangerous. socket(AF_INET, SOCK_RAW, 255); A malicious…

  • CVE-2026-46244 · Critical · Jun 3, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly computes the transport header offset traversing all extension headers,…

  • CVE-2026-46185 · Critical · May 28, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlink_data() Since smb2_check_message() returns success without length validation for the symlink error response, in symlink_data() it is possible for iov->iov_len to be…

  • CVE-2026-46155 · Critical · May 28, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without…

  • CVE-2026-46119 · Critical · May 28, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a (potentially corrupted) message of type CEPH_MSG_AUTH_REPLY contains a positive value in its result field, it is treated as an error code…

  • CVE-2026-46043 · Critical · May 27, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at least header_size(pkt) bytes long before payload_size() is used. However,…

  • CVE-2026-43407 · Critical · May 8, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() This patch fixes an out-of-bounds access in ceph_handle_auth_reply() that can be triggered by a message of type CEPH_MSG_AUTH_REPLY. In…

  • CVE-2026-43406 · Critical · May 8, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header() If the message frame is (maliciously) corrupted in a way that the length of the control segment ends up being less than the size of…

  • CVE-2026-43197 · Critical · May 6, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netconsole: avoid OOB reads, msg is not nul-terminated msg passed to netconsole from the console subsystem is not guaranteed to be nul-terminated. Before recent commit 7eab73b18630 ("netconsole: convert to…

  • CVE-2026-43117 · Critical · May 6, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on top of btrfs, dentry->d_sb translates to overlay's super block and fsid assignment will lead to a crash. …

  • CVE-2026-43083 · Critical · May 6, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock When trace->type.bit6 is set: if (trace->type.bit6) { ... queue = skb_get_tx_queue(dev, skb); qdisc = rcu_dereference(queue->qdisc); This code…

  • CVE-2026-43071 · Critical · May 5, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dcache: Limit the minimal number of bucket to two There is an OOB read problem on dentry_hashtable when user sets 'dhash_entries=1': BUG: unable to handle page fault for address: ffff888b30b774b0 #PF:…

  • CVE-2026-31682 · Critical · Apr 25, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and assumes that these options are in the linear part of request. Its callers only…

  • CVE-2026-31636 · Critical · Apr 24, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and then passes p + auth_len as the parser limit to rxgk_do_verify_authenticator().…

  • CVE-2026-23455 · Critical · Apr 3, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator…

  • CVE-2021-4157 · High · Mar 25, 2022
    risk 0.52 · cvss 8.0 · epss 0.02

    An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate…

  • CVE-2018-1087 · High · May 15, 2018
    risk 0.52 · cvss 8.0 · epss 0.01

    kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions.…
