| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-33742 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
| 2 | CVE-2022-33741 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
| 3 | CVE-2022-33740 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
| 4 | CVE-2022-26365 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
| 5 | CVE-2022-24588 | 79 | | XSS | 2022-02-15 | 2022-10-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. |
| 6 | CVE-2022-1462 | 362 | | | 2022-06-02 | 2022-10-29 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using the ioctls TIOCSPTLCK, TIOCGPTPEER, TIOCSTI and TCXONC, with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. |
| 7 | CVE-2022-1353 | | | +Priv +Info | 2022-04-29 | 2022-12-14 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. |
| 8 | CVE-2022-1280 | 416 | | DoS +Info | 2022-04-13 | 2022-04-20 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. |
| 9 | CVE-2021-38199 | | | DoS | 2021-08-08 | 2021-12-21 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. |
| 10 | CVE-2021-27364 | 125 | | | 2021-03-07 | 2021-12-08 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. |
| 11 | CVE-2021-27363 | | | | 2021-03-07 | 2022-05-23 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. |
| 12 | CVE-2021-4002 | 401 | | | 2022-03-03 | 2022-07-25 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way a user maps some regions of memory twice using shmget(), aligned to PUD alignment, with a fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. |
| 13 | CVE-2021-3743 | 125 | | +Info | 2022-03-04 | 2022-07-25 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. |
| 14 | CVE-2021-3739 | 476 | | +Info | 2022-03-10 | 2022-06-01 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux kernel, where triggering the bug requires 'CAP_SYS_ADMIN'. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. |
| 15 | CVE-2021-3501 | 787 | | | 2021-05-06 | 2022-05-13 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. |
| 16 | CVE-2020-35501 | | | | 2022-03-30 | 2022-12-02 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem. |
| 17 | CVE-2020-29374 | 362 | | | 2020-11-28 | 2022-04-19 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. |
| 18 | CVE-2020-28097 | 125 | | | 2021-06-24 | 2022-04-06 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. |
| 19 | CVE-2020-27171 | 193 | | +Info | 2021-03-20 | 2022-07-30 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. |
| 20 | CVE-2020-26147 | | | | 2021-05-11 | 2022-07-12 | 3.2 | None | Local Network | High | Not required | Partial | Partial | None | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. |
| 21 | CVE-2020-25211 | 120 | | Overflow | 2020-09-09 | 2022-11-16 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. |
| 22 | CVE-2020-24394 | 732 | | | 2020-08-19 | 2022-10-25 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. |
| 23 | CVE-2020-11565 | 787 | | | 2020-04-06 | 2020-06-10 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue "is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held." |
| 24 | CVE-2020-10742 | 787 | | Overflow | 2021-06-02 | 2021-06-11 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | A flaw was found in the Linux kernel. An index buffer overflow during a Direct IO write leads the NFS client to crash. In some cases, a read beyond the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. |
| 25 | CVE-2020-10732 | 908 | | | 2020-06-12 | 2022-11-08 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | A flaw was found in the Linux kernel's implementation of userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. |
| 26 | CVE-2020-9383 | 125 | | | 2020-02-25 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
| 27 | CVE-2020-8649 | 416 | | | 2020-02-06 | 2021-12-30 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. |
| 28 | CVE-2020-8648 | 416 | | | 2020-02-06 | 2022-07-28 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. |
| 29 | CVE-2020-8647 | 416 | | | 2020-02-06 | 2021-12-30 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. |
| 30 | CVE-2020-8428 | 416 | | DoS +Info | 2020-01-29 | 2020-06-10 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. |
| 31 | CVE-2019-19927 | 125 | | | 2019-12-31 | 2020-05-14 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. |
| 32 | CVE-2019-15031 | 200 | | +Info | 2019-09-13 | 2021-07-21 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. |
| 33 | CVE-2019-15030 | 862 | | | 2019-09-13 | 2020-08-24 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. |
| 34 | CVE-2019-5108 | 287 | | | 2019-12-23 | 2022-06-17 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering the AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. |
| 35 | CVE-2019-3874 | | | DoS | 2019-03-25 | 2021-06-14 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | The SCTP socket buffer used by a userspace application is not accounted for by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. |
| 36 | CVE-2019-3460 | 20 | | | 2019-04-11 | 2022-04-22 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. |
| 37 | CVE-2019-3459 | 125 | | +Info | 2019-04-11 | 2022-04-22 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. |
| 38 | CVE-2018-18021 | 20 | | DoS | 2018-10-07 | 2019-04-03 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes. |
| 39 | CVE-2018-16658 | 200 | | +Info | 2018-09-07 | 2019-08-06 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. |
| 40 | CVE-2018-1120 | 119 | | DoS Overflow | 2018-06-20 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). |
| 41 | CVE-2017-18270 | | | DoS | 2018-05-18 | 2020-08-14 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. |
| 42 | CVE-2017-12154 | | | | 2017-09-26 | 2019-10-03 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. |
| 43 | CVE-2017-11472 | 755 | | Bypass +Info | 2017-07-20 | 2019-10-03 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. |
| 44 | CVE-2017-5551 | | | +Priv | 2017-02-06 | 2019-10-03 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. |
| 45 | CVE-2017-2584 | 200 | | DoS +Info | 2017-01-15 | 2018-08-24 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. |
| 46 | CVE-2016-7097 | 285 | | +Priv | 2016-10-16 | 2018-01-05 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. |
| 47 | CVE-2015-8956 | 476 | | DoS +Info | 2016-10-10 | 2018-01-05 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. |
| 48 | CVE-2015-2922 | 17 | | | 2015-05-27 | 2018-01-05 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. |
| 49 | CVE-2014-9717 | 284 | | Bypass | 2016-05-02 | 2016-08-12 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. |
| 50 | CVE-2014-9683 | 189 | | DoS Overflow +Priv | 2015-03-03 | 2016-12-24 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. |