Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In December 2021
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
Max CVSS
3.5
EPSS Score
0.05%
Published
2021-12-25
Updated
2023-02-24
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-12-25
Updated
2023-02-24
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-12-24
Updated
2022-04-06
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
Max CVSS
7.8
EPSS Score
0.07%
Published
2021-12-23
Updated
2022-04-06
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-12-16
Updated
2022-04-06
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
Max CVSS
7.0
EPSS Score
0.12%
Published
2021-12-22
Updated
2024-03-25
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-12-08
Updated
2022-04-05
7 vulnerabilities found