CVEs referencing
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171
Max Base Score
5.5
Published
2020-09-17
Updated
2022-10-25
EPSS
0.04%
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Max Base Score
5.5
Published
2020-11-12
Updated
2021-05-11
EPSS
0.05%
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Max Base Score
7.8
Published
2020-12-03
Updated
2021-11-04
EPSS
0.09%
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Max Base Score
7.5
Published
2020-10-13
Updated
2021-03-26
EPSS
0.74%
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
Max Base Score
4.1
Published
2020-12-02
Updated
2022-10-25
EPSS
0.04%
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
Max Base Score
7.0
Published
2021-05-26
Updated
2023-10-05
EPSS
0.05%
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
Max Base Score
7.8
Published
2021-05-26
Updated
2023-02-24
EPSS
0.05%
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
Max Base Score
5.5
Published
2020-12-02
Updated
2022-10-25
EPSS
0.04%
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
Max Base Score
5.5
Published
2020-10-22
Updated
2023-08-22
EPSS
0.05%
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.
Max Base Score
4.7
Published
2020-10-22
Updated
2022-04-26
EPSS
0.05%
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
Max Base Score
6.1
Published
2020-11-20
Updated
2021-01-27
EPSS
0.04%