VYPR

Vendor CVEs

Ubuntu

All CVEs

1,647 total · sorted by risk
  • CVE-2021-4203MedMar 25, 2022
    risk 0.00cvss 6.8epss 0.02

    A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

  • CVE-2022-0742CriMar 18, 2022
    risk 0.00cvss 9.1epss 0.05

    Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.

  • CVE-2021-45868MedMar 18, 2022
    risk 0.00cvss 5.5epss 0.01

    In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

  • CVE-2022-26966MedMar 12, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

  • CVE-2022-0516HigMar 10, 2022
    risk 0.00cvss 7.8epss 0.00

    A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions…

  • CVE-2022-26490HigMar 6, 2022
    risk 0.00cvss 7.8epss 0.00

    st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

  • CVE-2021-3744MedMar 4, 2022
    risk 0.00cvss 5.5epss 0.01

    A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

  • CVE-2021-3743HigMar 4, 2022
    risk 0.00cvss 7.1epss 0.01

    An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest…

  • CVE-2021-3640HigMar 3, 2022
    risk 0.00cvss 7.0epss 0.00

    A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable…

  • CVE-2021-4002MedMar 3, 2022
    risk 0.00cvss 4.4epss 0.01

    A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized…

  • CVE-2021-3609HigMar 3, 2022
    risk 0.00cvss 7.0epss 0.00

    .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege…

  • CVE-2021-3715HigMar 2, 2022
    risk 0.00cvss 7.8epss 0.00

    A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their…

  • CVE-2021-3753MedFeb 16, 2022
    risk 0.00cvss 4.7epss 0.00

    A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data…

  • CVE-2022-0617MedFeb 16, 2022
    risk 0.00cvss 5.5epss 0.01

    A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.

  • CVE-2021-44879MedFeb 14, 2022
    risk 0.00cvss 5.5epss 0.01

    In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

  • CVE-2022-0382MedFeb 11, 2022
    risk 0.00cvss 5.5epss 0.00

    An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7…

  • CVE-2021-45402MedFeb 11, 2022
    risk 0.00cvss 5.5epss 0.00

    The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

  • CVE-2022-24959MedFeb 11, 2022
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.

  • CVE-2021-4154HigFeb 4, 2022
    risk 0.00cvss 8.8epss 0.01

    A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and…

  • CVE-2022-0286MedJan 31, 2022
    risk 0.00cvss 5.5epss 0.01

    A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.

  • CVE-2022-24122HigJan 29, 2022
    risk 0.00cvss 7.8epss 0.01

    kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.

  • CVE-2021-4083HigJan 18, 2022
    risk 0.00cvss 7.0epss 0.00

    A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or…

  • CVE-2021-46283MedJan 11, 2022
    risk 0.00cvss 5.5epss 0.00

    nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a…

  • CVE-2021-45485HigDec 25, 2021
    risk 0.00cvss 7.5epss 0.04

    In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

  • CVE-2021-44733HigDec 22, 2021
    risk 0.00cvss 7.0epss 0.01

    A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

  • CVE-2018-25020HigDec 8, 2021
    risk 0.00cvss 7.8epss 0.01

    The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and…

  • CVE-2021-43976MedNov 17, 2021
    risk 0.00cvss 4.6epss 0.01

    In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

  • CVE-2021-43975MedNov 17, 2021
    risk 0.00cvss 6.7epss 0.01

    In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.

  • CVE-2021-43057HigOct 28, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an…

  • CVE-2021-42327MedOct 21, 2021
    risk 0.00cvss 6.7epss 0.01

    dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within…

  • CVE-2021-42252HigOct 11, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka…

  • CVE-2021-42008HigOct 5, 2021
    risk 0.00cvss 7.8epss 0.01

    The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.

  • CVE-2021-41864HigOct 2, 2021
    risk 0.00cvss 7.8epss 0.00

    prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.

  • CVE-2021-41073HigSep 19, 2021
    risk 0.00cvss 7.8epss 0.02

    loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation.

  • CVE-2021-40490HigSep 3, 2021
    risk 0.00cvss 7.0epss 0.00

    A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

  • CVE-2021-38209LowAug 8, 2021
    risk 0.00cvss 3.3epss 0.00

    net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS…

  • CVE-2021-38208MedAug 8, 2021
    risk 0.00cvss 5.5epss 0.00

    net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

  • CVE-2021-38206MedAug 8, 2021
    risk 0.00cvss 5.5epss 0.00

    The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.

  • CVE-2021-38205LowAug 8, 2021
    risk 0.00cvss 3.3epss 0.00

    drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).

  • CVE-2021-38204MedAug 8, 2021
    risk 0.00cvss 6.8epss 0.00

    drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.

  • CVE-2021-38201HigAug 8, 2021
    risk 0.00cvss 7.5epss 0.03

    net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.

  • CVE-2021-38200MedAug 8, 2021
    risk 0.00cvss 5.5epss 0.00

    arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf…

  • CVE-2021-38199MedAug 8, 2021
    risk 0.00cvss 6.5epss 0.01

    fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.

  • CVE-2021-38198MedAug 8, 2021
    risk 0.00cvss 5.5epss 0.00

    arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.

  • CVE-2021-38166HigAug 7, 2021
    risk 0.00cvss 7.8epss 0.00

    In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.

  • CVE-2021-34556MedAug 2, 2021
    risk 0.00cvss 5.5epss 0.00

    In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

  • CVE-2021-35477MedAug 2, 2021
    risk 0.00cvss 5.5epss 0.00

    In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an…

  • CVE-2021-29657HigJul 22, 2021
    risk 0.00cvss 7.4epss 0.00

    arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12…

  • CVE-2021-37159MedJul 21, 2021
    risk 0.00cvss 6.4epss 0.00

    hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

  • CVE-2020-28097MedJun 24, 2021
    risk 0.00cvss 5.9epss 0.01

    The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

Page 25 of 33