VYPR

Vendor CVEs

Ubuntu

All CVEs

1,596 total · sorted by risk
  • CVE-2022-47946MedDec 23, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a…

  • CVE-2022-47943HigDec 23, 2022
    risk 0.00cvss 8.1epss 0.04

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.

  • CVE-2022-47942HigDec 23, 2022
    risk 0.00cvss 8.8epss 0.04

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.

  • CVE-2022-47521HigDec 18, 2022
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel…

  • CVE-2022-47520HigDec 18, 2022
    risk 0.00cvss 7.1epss 0.00

    An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink…

  • CVE-2022-47519HigDec 18, 2022
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from…

  • CVE-2022-47518HigDec 18, 2022
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from…

  • CVE-2022-3114MedDec 14, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.

  • CVE-2022-3112MedDec 14, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.

  • CVE-2022-3111MedDec 14, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().

  • CVE-2022-3110MedDec 14, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.

  • CVE-2022-3108MedDec 14, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().

  • CVE-2022-3107MedDec 14, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.

  • CVE-2022-3105MedDec 14, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().

  • CVE-2022-3104MedDec 14, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.

  • CVE-2022-45869MedNov 30, 2022
    risk 0.00cvss 5.5epss 0.00

    A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

  • CVE-2022-4128MedNov 28, 2022
    risk 0.00cvss 5.5epss 0.00

    A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.

  • CVE-2022-4127MedNov 28, 2022
    risk 0.00cvss 5.5epss 0.00

    A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.

  • CVE-2022-45934HigNov 27, 2022
    risk 0.00cvss 7.8epss 0.01

    An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

  • CVE-2022-45919HigNov 27, 2022
    risk 0.00cvss 7.0epss 0.00

    An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.

  • CVE-2022-45888MedNov 25, 2022
    risk 0.00cvss 6.4epss 0.01

    An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.

  • CVE-2022-45887MedNov 25, 2022
    risk 0.00cvss 4.7epss 0.00

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

  • CVE-2022-45886HigNov 25, 2022
    risk 0.00cvss 7.0epss 0.00

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

  • CVE-2022-45885HigNov 25, 2022
    risk 0.00cvss 7.0epss 0.00

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

  • CVE-2022-45884HigNov 25, 2022
    risk 0.00cvss 7.0epss 0.00

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.

  • CVE-2022-42896HigNov 23, 2022
    risk 0.00cvss 8.0epss 0.02

    There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code…

  • CVE-2022-42895MedNov 23, 2022
    risk 0.00cvss 5.1epss 0.00

    There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit  https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3…

  • CVE-2022-44034MedOct 30, 2022
    risk 0.00cvss 6.4epss 0.00

    An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and…

  • CVE-2022-44033MedOct 30, 2022
    risk 0.00cvss 6.4epss 0.00

    An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and…

  • CVE-2022-44032MedOct 30, 2022
    risk 0.00cvss 6.4epss 0.00

    An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and…

  • CVE-2022-43750MedOct 26, 2022
    risk 0.00cvss 6.7epss 0.00

    drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.

  • CVE-2022-3646LowOct 21, 2022
    risk 0.00cvss 3.1epss 0.01

    A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is…

  • CVE-2022-3630LowOct 21, 2022
    risk 0.00cvss 3.1epss 0.00

    A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The…

  • CVE-2022-3624LowOct 21, 2022
    risk 0.00cvss 3.5epss 0.00

    A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this…

  • CVE-2022-3621MedOct 20, 2022
    risk 0.00cvss 4.3epss 0.01

    A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack…

  • CVE-2022-3619LowOct 20, 2022
    risk 0.00cvss 3.5epss 0.01

    A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch…

  • CVE-2022-3577HigOct 20, 2022
    risk 0.00cvss 7.8epss 0.00

    An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect…

  • CVE-2022-3595LowOct 18, 2022
    risk 0.00cvss 3.5epss 0.00

    A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this…

  • CVE-2022-3594MedOct 18, 2022
    risk 0.00cvss 5.3epss 0.02

    A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched…

  • CVE-2022-3566MedOct 17, 2022
    risk 0.00cvss 4.6epss 0.00

    A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier…

  • CVE-2022-3565MedOct 17, 2022
    risk 0.00cvss 4.6epss 0.00

    A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a…

  • CVE-2022-3545MedOct 17, 2022
    risk 0.00cvss 5.5epss 0.00

    A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is…

  • CVE-2022-3544LowOct 17, 2022
    risk 0.00cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue.…

  • CVE-2022-3534MedOct 17, 2022
    risk 0.00cvss 5.5epss 0.01

    A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The…

  • CVE-2022-3523MedOct 16, 2022
    risk 0.00cvss 5.3epss 0.01

    A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to…

  • CVE-2022-42719HigOct 13, 2022
    risk 0.00cvss 8.8epss 0.01

    A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

  • CVE-2022-42703MedOct 9, 2022
    risk 0.00cvss 5.5epss 0.01

    mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.

  • CVE-2022-41222HigSep 21, 2022
    risk 0.00cvss 7.0epss 0.00

    mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

  • CVE-2022-40768MedSep 18, 2022
    risk 0.00cvss 5.5epss 0.00

    drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

  • CVE-2022-40476MedSep 14, 2022
    risk 0.00cvss 5.5epss 0.00

    A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.

Page 22 of 32