CVEdetails.com the ultimate security vulnerability data source

Linux » Linux Kernel » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-33981 416 DoS 2022-06-18 2022-07-01
2.1
None Local Low Not required None None Partial
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
2 CVE-2022-32981 120 Overflow 2022-06-10 2022-06-27
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.
3 CVE-2022-32296 203 2022-06-05 2022-07-01
2.1
None Local Low Not required Partial None None
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.
4 CVE-2022-32250 416 2022-06-02 2022-07-01
7.2
None Local Low Not required Complete Complete Complete
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
5 CVE-2022-30594 276 Bypass 2022-05-12 2022-07-01
4.6
None Local Low Not required Partial Partial Partial
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
6 CVE-2022-29582 416 2022-04-22 2022-05-04
6.9
None Local Medium Not required Complete Complete Complete
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
7 CVE-2022-29581 416 2022-05-17 2022-06-29
7.2
None Local Low Not required Complete Complete Complete
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
8 CVE-2022-29156 415 2022-04-13 2022-06-02
7.2
None Local Low Not required Complete Complete Complete
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.
9 CVE-2022-28893 416 2022-04-11 2022-06-13
7.2
None Local Low Not required Complete Complete Complete
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
10 CVE-2022-28796 416 2022-04-08 2022-05-12
6.9
None Local Medium Not required Complete Complete Complete
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
11 CVE-2022-28390 415 2022-04-03 2022-07-01
4.6
None Local Low Not required Partial Partial Partial
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
12 CVE-2022-28389 415 2022-04-03 2022-06-16
4.6
None Local Low Not required Partial Partial Partial
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
13 CVE-2022-28388 415 2022-04-03 2022-06-01
4.6
None Local Low Not required Partial Partial Partial
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
14 CVE-2022-27950 401 2022-03-28 2022-04-05
2.1
None Local Low Not required None None Partial
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
15 CVE-2022-27666 787 Overflow 2022-03-23 2022-05-10
4.6
None Local Low Not required Partial Partial Partial
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
16 CVE-2022-27223 129 2022-03-16 2022-07-01
6.5
None Remote Low ??? Partial Partial Partial
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
17 CVE-2022-26966 +Info 2022-03-12 2022-07-01
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
18 CVE-2022-26878 772 2022-03-11 2022-03-22
2.1
None Local Low Not required None None Partial
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).
19 CVE-2022-26490 120 Overflow 2022-03-06 2022-07-01
4.6
None Local Low Not required Partial Partial Partial
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
20 CVE-2022-25636 269 +Priv 2022-02-24 2022-05-10
6.9
None Local Medium Not required Complete Complete Complete
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
21 CVE-2022-25375 668 +Info 2022-02-20 2022-05-11
2.1
None Local Low Not required Partial None None
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
22 CVE-2022-25265 913 2022-02-16 2022-05-11
4.4
None Local Medium Not required Partial Partial Partial
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.
23 CVE-2022-25258 476 Mem. Corr. 2022-02-16 2022-05-11
4.9
None Local Low Not required None None Complete
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.
24 CVE-2022-24959 401 2022-02-11 2022-05-11
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.
25 CVE-2022-24958 763 2022-02-11 2022-07-01
4.6
None Local Low Not required Partial Partial Partial
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
26 CVE-2022-24448 909 2022-02-04 2022-05-12
1.9
None Local Medium Not required Partial None None
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
27 CVE-2022-24122 416 2022-01-29 2022-04-01
6.9
None Local Medium Not required Complete Complete Complete
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
28 CVE-2022-23222 476 +Priv 2022-01-14 2022-06-07
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
29 CVE-2022-1998 416 2022-06-09 2022-06-15
7.2
None Local Low Not required Complete Complete Complete
A use-after-free flaw was found in the Linux kernel's file system notify functionality in the way a user triggers the copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
30 CVE-2022-1882 416 2022-05-26 2022-06-07
7.2
None Local Low Not required Complete Complete Complete
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() has already been called. This flaw allows a local user to crash or potentially escalate their privileges on the system.
31 CVE-2022-1789 476 2022-06-02 2022-06-15
6.9
None Local Medium Not required Complete Complete Complete
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
32 CVE-2022-1786 416 2022-06-02 2022-06-13
7.2
None Local Low Not required Complete Complete Complete
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.
33 CVE-2022-1734 416 2022-05-18 2022-07-01
4.4
None Local Medium Not required Partial Partial Partial
A flaw in the Linux kernel, found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c, can lead to a use-after-free (read or write) when the cleanup routine and the firmware download routine are not synchronized.
34 CVE-2022-1678 2022-05-25 2022-06-13
5.0
None Remote Low Not required None None Partial
An issue was discovered in the Linux Kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be used by remote clients.
35 CVE-2022-1652 416 DoS Exec Code 2022-06-02 2022-06-15
7.2
None Local Low Not required Complete Complete Complete
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
36 CVE-2022-1419 416 2022-06-02 2022-06-09
4.6
None Local Low Not required Partial Partial Partial
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.
37 CVE-2022-1353 +Priv +Info 2022-04-29 2022-07-01
3.6
None Local Low Not required Partial None Partial
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
38 CVE-2022-1280 416 DoS +Info 2022-04-13 2022-04-20
3.3
None Local Medium Not required Partial None Partial
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) or a kernel information leak.
39 CVE-2022-1195 416 DoS 2022-04-29 2022-05-11
2.1
None Local Low Not required None None Partial
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) when the mkiss or sixpack device is detached and resources are reclaimed early.
40 CVE-2022-1116 190 Overflow Mem. Corr. 2022-05-17 2022-06-29
7.2
None Local Low Not required Complete Complete Complete
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.
41 CVE-2022-1055 416 +Priv 2022-03-29 2022-06-03
4.6
None Local Low Not required Partial Partial Partial
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5.
42 CVE-2022-1048 362 2022-04-29 2022-06-29
6.9
None Local Medium Not required Complete Complete Complete
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
43 CVE-2022-1015 787 2022-04-29 2022-05-11
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
44 CVE-2022-1011 416 +Priv 2022-03-18 2022-07-01
4.6
None Local Low Not required Partial Partial Partial
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
45 CVE-2022-0998 190 Overflow 2022-03-30 2022-05-13
7.2
None Local Low Not required Complete Complete Complete
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
46 CVE-2022-0995 787 DoS +Priv 2022-03-25 2022-04-29
6.6
None Local Low Not required Complete None Complete
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
47 CVE-2022-0854 401 2022-03-23 2022-07-01
2.1
None Local Low Not required Partial None None
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
48 CVE-2022-0847 665 2022-03-10 2022-06-14
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
49 CVE-2022-0742 401 2022-03-18 2022-06-22
7.8
None Remote Low Not required None None Complete
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
50 CVE-2022-0617 476 2022-02-16 2022-05-11
4.9
None Local Low Not required None None Complete
A NULL pointer dereference flaw was found in the Linux kernel's UDF file system functionality in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user could use this flaw to crash the system. This affects Linux kernel versions from 4.2-rc1 until 5.17-rc2.
Total number of vulnerabilities: 1949 (page 1 of 39)