CVEdetails.com the ultimate security vulnerability data source

Linux : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2023-23559 190 Overflow 2023-01-13 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
2 CVE-2023-23455 843 DoS 2023-01-12 2023-01-30
0.0
None ??? ??? ??? ??? ??? ???
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
3 CVE-2023-23454 843 DoS 2023-01-12 2023-01-30
0.0
None ??? ??? ??? ??? ??? ???
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
4 CVE-2023-0122 476 DoS 2023-01-17 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.
5 CVE-2022-47946 416 DoS 2022-12-23 2023-01-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.
6 CVE-2022-47943 125 2022-12-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.
7 CVE-2022-47942 787 Overflow 2022-12-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.
8 CVE-2022-47941 401 2022-12-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.
9 CVE-2022-47940 125 2022-12-23 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.
10 CVE-2022-47939 416 2022-12-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
11 CVE-2022-47938 125 2022-12-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.
12 CVE-2022-47929 476 DoS 2023-01-17 2023-01-30
0.0
None ??? ??? ??? ??? ??? ???
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.
13 CVE-2022-47521 787 Overflow 2022-12-18 2023-01-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.
14 CVE-2022-47520 125 2022-12-18 2023-01-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
15 CVE-2022-47519 787 2022-12-18 2023-01-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
16 CVE-2022-47518 787 Overflow 2022-12-18 2023-01-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
17 CVE-2022-45934 190 2022-11-27 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
18 CVE-2022-45919 416 2022-11-27 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event.
19 CVE-2022-45888 362 2022-11-25 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
20 CVE-2022-45887 362 2022-11-25 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
21 CVE-2022-45886 362 2022-11-25 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
22 CVE-2022-45885 362 2022-11-25 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
23 CVE-2022-45884 362 2022-11-25 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
24 CVE-2022-45869 362 DoS Mem. Corr. 2022-11-30 2022-12-05
0.0
None ??? ??? ??? ??? ??? ???
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
25 CVE-2022-44034 362 2022-10-30 2022-11-01
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().
26 CVE-2022-44033 362 2022-10-30 2022-11-01
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().
27 CVE-2022-44032 362 2022-10-30 2022-11-01
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().
28 CVE-2022-43945 770 Overflow 2022-11-04 2022-12-15
0.0
None ??? ??? ??? ??? ??? ???
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
29 CVE-2022-43750 787 2022-10-26 2023-01-17
0.0
None ??? ??? ??? ??? ??? ???
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
30 CVE-2022-42896 416 Exec Code 2022-11-23 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4
31 CVE-2022-42895 824 2022-11-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
32 CVE-2022-42722 476 2022-10-14 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
33 CVE-2022-42721 835 Exec Code 2022-10-14 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
34 CVE-2022-42720 416 Exec Code 2022-10-14 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
35 CVE-2022-42719 416 Exec Code 2022-10-13 2023-01-17
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
36 CVE-2022-42703 416 2022-10-09 2022-12-08
0.0
None ??? ??? ??? ??? ??? ???
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
37 CVE-2022-42329 667 2022-12-07 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
38 CVE-2022-42328 667 2022-12-07 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
39 CVE-2022-41858 416 +Info 2023-01-17 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
40 CVE-2022-41850 362 2022-09-30 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
41 CVE-2022-41849 362 2022-09-30 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
42 CVE-2022-41848 362 2022-09-30 2022-10-04
0.0
None ??? ??? ??? ??? ??? ???
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
43 CVE-2022-41674 787 Overflow 2022-10-14 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
44 CVE-2022-41222 416 2022-09-21 2022-11-07
0.0
None ??? ??? ??? ??? ??? ???
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
45 CVE-2022-41218 416 2022-09-21 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
46 CVE-2022-40768 668 +Info 2022-09-18 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
47 CVE-2022-40476 476 DoS 2022-09-14 2022-09-17
0.0
None ??? ??? ??? ??? ??? ???
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.
48 CVE-2022-40307 416 2022-09-09 2022-11-21
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
49 CVE-2022-40133 416 DoS +Priv 2022-09-09 2022-09-14
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free (UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).
50 CVE-2022-39842 190 Overflow Bypass 2022-09-05 2022-12-19
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.
Total number of vulnerabilities: 197 (page 1 of 4)