| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-34495 | 415 |  |  | 2022-06-26 | 2022-07-08 | 4.9 | None | Local | Low | Not required | None | None | Complete | rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. |
| 2 | CVE-2022-34494 | 415 |  |  | 2022-06-26 | 2022-07-08 | 4.9 | None | Local | Low | Not required | None | None | Complete | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. |
| 3 | CVE-2022-33743 |  |  |  | 2022-07-05 | 2022-11-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. |
| 4 | CVE-2022-32981 | 120 |  | Overflow | 2022-06-10 | 2022-06-27 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. |
| 5 | CVE-2022-30594 | 863 |  | Bypass | 2022-05-12 | 2023-02-23 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. |
| 6 | CVE-2022-29968 | 909 |  |  | 2022-05-02 | 2023-02-10 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. |
| 7 | CVE-2022-28390 | 415 |  |  | 2022-04-03 | 2023-02-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. |
| 8 | CVE-2022-27666 | 787 |  | Overflow | 2022-03-23 | 2023-02-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. |
| 9 | CVE-2022-26490 | 120 |  | Overflow | 2022-03-06 | 2023-01-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. |
| 10 | CVE-2022-25265 | 913 |  |  | 2022-02-16 | 2022-05-11 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. |
| 11 | CVE-2022-25258 | 476 |  | Mem. Corr. | 2022-02-16 | 2022-12-07 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. |
| 12 | CVE-2022-24958 | 763 |  |  | 2022-02-11 | 2023-02-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
| 13 | CVE-2022-2318 | 416 |  |  | 2022-07-06 | 2023-02-28 | 4.9 | None | Local | Low | Not required | None | None | Complete | There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of Linux that allow attackers to crash the Linux kernel without any privileges. |
| 14 | CVE-2022-1734 | 416 |  |  | 2022-05-18 | 2022-10-14 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | A flaw in the Linux kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to a use-after-free, for both read and write, when the cleanup routine and the firmware download routine are not synchronized. |
| 15 | CVE-2022-1516 | 416 |  |  | 2022-05-05 | 2022-12-08 | 4.9 | None | Local | Low | Not required | None | None | Complete | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. |
| 16 | CVE-2022-1419 | 416 |  |  | 2022-06-02 | 2022-12-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease the refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object. |
| 17 | CVE-2022-1055 | 416 |  | +Priv | 2022-03-29 | 2022-10-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5. |
| 18 | CVE-2022-1015 | 787 |  |  | 2022-04-29 | 2023-02-23 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. |
| 19 | CVE-2022-1011 | 416 |  | +Priv | 2022-03-18 | 2022-10-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. |
| 20 | CVE-2022-0617 | 476 |  |  | 2022-02-16 | 2022-05-11 | 4.9 | None | Local | Low | Not required | None | None | Complete | A NULL pointer dereference flaw was found in the Linux kernel UDF file system functionality in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user could use this flaw to crash the system. Present from Linux kernel 4.2-rc1 until 5.17-rc2. |
| 21 | CVE-2022-0516 |  |  |  | 2022-03-10 | 2022-10-04 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A vulnerability was found in the kvm_s390_guest_sida_op function in arch/s390/kvm/kvm-s390.c in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. |
| 22 | CVE-2022-0494 | 200 |  | +Info | 2022-03-25 | 2022-10-19 | 4.9 | None | Local | Low | Not required | Complete | None | None | A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. |
| 23 | CVE-2022-0433 | 476 |  |  | 2022-03-10 | 2022-03-16 | 4.9 | None | Local | Low | Not required | None | None | Complete | A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. |
| 24 | CVE-2022-0330 | 281 |  |  | 2022-03-25 | 2022-12-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. |
| 25 | CVE-2021-46283 | 665 |  | DoS | 2022-01-11 | 2022-01-20 | 4.9 | None | Local | Low | Not required | None | None | Complete | nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. |
| 26 | CVE-2021-45868 | 416 |  |  | 2022-03-18 | 2023-02-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. |
| 27 | CVE-2021-45480 | 401 |  |  | 2021-12-24 | 2022-04-06 | 4.7 | None | Local | Medium | Not required | None | None | Complete | An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. |
| 28 | CVE-2021-45469 | 125 |  |  | 2021-12-23 | 2022-04-06 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. |
| 29 | CVE-2021-44879 | 476 |  |  | 2022-02-14 | 2022-02-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. |
| 30 | CVE-2021-44733 | 416 |  |  | 2021-12-22 | 2022-06-01 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. |
| 31 | CVE-2021-43975 | 787 |  |  | 2021-11-17 | 2022-04-06 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. |
| 32 | CVE-2021-43056 |  |  |  | 2021-10-28 | 2021-11-28 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. |
| 33 | CVE-2021-42739 | 787 |  | Overflow | 2021-10-20 | 2022-11-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
| 34 | CVE-2021-42327 | 787 |  | Overflow | 2021-10-21 | 2021-11-28 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. |
| 35 | CVE-2021-42252 |  |  |  | 2021-10-11 | 2021-12-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. |
| 36 | CVE-2021-41864 | 190 |  | Overflow | 2021-10-02 | 2022-03-25 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. |
| 37 | CVE-2021-40490 | 362 |  |  | 2021-09-03 | 2022-04-05 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. |
| 38 | CVE-2021-38204 | 416 |  | DoS | 2021-08-08 | 2022-01-04 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. |
| 39 | CVE-2021-38166 | 787 |  | Overflow | 2021-08-07 | 2022-04-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. |
| 40 | CVE-2021-37159 | 415 |  |  | 2021-07-21 | 2023-02-24 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. |
| 41 | CVE-2021-33624 | 203 |  |  | 2021-06-23 | 2021-11-12 | 4.7 | None | Local | Medium | Not required | Complete | None | None | In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. |
| 42 | CVE-2021-33034 | 416 |  |  | 2021-05-14 | 2022-05-08 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. |
| 43 | CVE-2021-33033 | 416 |  |  | 2021-05-14 | 2021-06-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. |
| 44 | CVE-2021-32399 | 362 |  |  | 2021-05-10 | 2022-05-13 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. |
| 45 | CVE-2021-29650 |  |  | DoS | 2021-03-30 | 2022-05-16 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. |
| 46 | CVE-2021-29649 | 401 |  |  | 2021-03-30 | 2021-04-05 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. |
| 47 | CVE-2021-29648 | 307 |  |  | 2021-03-30 | 2021-04-05 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. |
| 48 | CVE-2021-29265 | 362 |  | DoS | 2021-03-26 | 2022-05-27 | 4.7 | None | Local | Medium | Not required | None | None | Complete | An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. |
| 49 | CVE-2021-29264 |  |  |  | 2021-03-26 | 2022-05-27 | 4.7 | None | Local | Medium | Not required | None | None | Complete | An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. |
| 50 | CVE-2021-28971 | 755 |  |  | 2021-03-22 | 2022-07-12 | 4.9 | None | Local | Low | Not required | None | None | Complete | In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. |