Filtered by vendor Linux
Subscribe
Total
10566 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20322 | 5 Debian, Fedoraproject, Linux and 2 more | 32 Debian Linux, Fedora, Linux Kernel and 29 more | 2023-11-09 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. | |||||
| CVE-2022-0646 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2023-11-09 | 7.2 HIGH | 7.8 HIGH |
| A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. | |||||
| CVE-2019-15216 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. | |||||
| CVE-2022-1353 | 4 Debian, Linux, Netapp and 1 more | 19 Debian Linux, Linux Kernel, H300e and 16 more | 2023-11-09 | 3.6 LOW | 7.1 HIGH |
| A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | |||||
| CVE-2022-0995 | 3 Fedoraproject, Linux, Netapp | 24 Fedora, Linux Kernel, H300e and 21 more | 2023-11-09 | 7.2 HIGH | 7.8 HIGH |
| An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | |||||
| CVE-2020-29374 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, 500f and 8 more | 2023-11-09 | 3.3 LOW | 3.6 LOW |
| An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. | |||||
| CVE-2022-25265 | 2 Linux, Netapp | 17 Linux Kernel, Baseboard Management Controller Firmware, H300e and 14 more | 2023-11-09 | 4.4 MEDIUM | 7.8 HIGH |
| In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. | |||||
| CVE-2019-15221 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. | |||||
| CVE-2019-15220 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. | |||||
| CVE-2019-15215 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. | |||||
| CVE-2019-15212 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | |||||
| CVE-2022-25636 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, H300e and 10 more | 2023-11-09 | 6.9 MEDIUM | 7.8 HIGH |
| net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | |||||
| CVE-2019-20636 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, Fas 8300 and 15 more | 2023-11-09 | 7.2 HIGH | 6.7 MEDIUM |
| In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | |||||
| CVE-2021-26708 | 2 Linux, Netapp | 12 Linux Kernel, 500f, A250 and 9 more | 2023-11-09 | 6.9 MEDIUM | 7.0 HIGH |
| A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. | |||||
| CVE-2023-5158 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor. | |||||
| CVE-2023-4155 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 5.6 MEDIUM |
| A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). | |||||
| CVE-2023-4010 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 4.6 MEDIUM |
| A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service. | |||||
| CVE-2023-4394 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 6.0 MEDIUM |
| A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information | |||||
| CVE-2023-4611 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 6.3 MEDIUM |
| A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak. | |||||
| CVE-2023-4385 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. | |||||