CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-41858 416 +Info 2023-01-17 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
2 CVE-2022-40768 668 +Info 2022-09-18 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
3 CVE-2022-33742 200 +Info 2022-07-05 2022-10-29
3.6
None Local Low Not required Partial None Partial
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
4 CVE-2022-33741 200 +Info 2022-07-05 2022-10-29
3.6
None Local Low Not required Partial None Partial
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
5 CVE-2022-33740 200 +Info 2022-07-05 2022-10-29
3.6
None Local Low Not required Partial None Partial
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
6 CVE-2022-26966 +Info 2022-03-12 2022-12-22
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
7 CVE-2022-26365 200 +Info 2022-07-05 2022-10-29
3.6
None Local Low Not required Partial None Partial
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
8 CVE-2022-25375 668 +Info 2022-02-20 2022-05-11
2.1
None Local Low Not required Partial None None
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
9 CVE-2022-3202 476 +Info 2022-09-14 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
10 CVE-2022-1974 416 +Info 2022-08-31 2022-09-07
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
11 CVE-2022-1973 416 +Info 2022-08-05 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.
12 CVE-2022-1729 362 +Priv +Info 2022-09-01 2022-09-07
0.0
None ??? ??? ??? ??? ??? ???
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
13 CVE-2022-1671 476 +Info 2022-07-26 2022-09-04
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.
14 CVE-2022-1651 401 DoS +Info 2022-07-26 2022-09-04
0.0
None ??? ??? ??? ??? ??? ???
A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.
15 CVE-2022-1353 +Priv +Info 2022-04-29 2022-12-14
3.6
None Local Low Not required Partial None Partial
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
16 CVE-2022-1280 416 DoS +Info 2022-04-13 2022-04-20
3.3
None Local Medium Not required Partial None Partial
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
17 CVE-2022-1016 416 +Info 2022-08-29 2022-09-08
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
18 CVE-2022-1012 401 DoS +Info 2022-08-05 2022-10-28
0.0
None ??? ??? ??? ??? ??? ???
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
19 CVE-2022-0850 +Info 2022-08-29 2022-09-06
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
20 CVE-2022-0812 +Info 2022-08-29 2022-09-06
0.0
None ??? ??? ??? ??? ??? ???
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
21 CVE-2022-0494 200 +Info 2022-03-25 2022-10-19
4.9
None Local Low Not required Complete None None
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
22 CVE-2022-0382 909 +Info 2022-02-11 2022-12-02
2.1
None Local Low Not required Partial None None
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1.
23 CVE-2021-45486 327 +Info 2021-12-25 2022-07-25
2.7
None Local Network Low ??? Partial None None
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
24 CVE-2021-45485 327 +Info 2021-12-25 2022-07-25
5.0
None Remote Low Not required Partial None None
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
25 CVE-2021-45402 668 +Info 2022-02-11 2022-02-23
2.1
None Local Low Not required Partial None None
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
26 CVE-2021-45095 200 +Info 2021-12-16 2022-04-06
2.1
None Local Low Not required Partial None None
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
27 CVE-2021-35477 203 Bypass +Info 2021-08-02 2021-11-11
2.1
None Local Low Not required Partial None None
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
28 CVE-2021-34693 909 +Info 2021-06-14 2021-09-20
2.1
None Local Low Not required Partial None None
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
29 CVE-2021-34556 203 Bypass +Info 2021-08-02 2021-12-14
2.1
None Local Low Not required Partial None None
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
30 CVE-2021-31916 787 +Priv +Info 2021-05-06 2022-01-01
6.1
None Local Low Not required Partial Partial Complete
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
31 CVE-2021-29647 909 +Info 2021-03-30 2022-07-12
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
32 CVE-2021-29155 125 +Info 2021-04-20 2022-04-19
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
33 CVE-2021-21781 908 +Info 2021-08-18 2022-07-25
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11
34 CVE-2021-20320 200 +Info 2022-02-18 2022-03-03
2.1
None Local Low Not required Partial None None
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
35 CVE-2021-20239 119 Overflow +Info 2021-05-28 2022-08-05
2.1
None Local Low Not required Partial None None
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
36 CVE-2021-4204 20 +Info 2022-08-24 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.
37 CVE-2021-4203 362 +Info 2022-03-25 2022-12-08
4.9
None Remote Medium ??? Partial None Partial
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
38 CVE-2021-3743 125 +Info 2022-03-04 2022-07-25
3.6
None Local Low Not required Partial None Partial
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
39 CVE-2021-3739 476 +Info 2022-03-10 2022-06-01
3.6
None Local Low Not required Partial None Partial
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
40 CVE-2021-3736 401 +Info 2022-08-23 2022-08-25
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.
41 CVE-2021-3506 125 +Info 2021-04-19 2022-01-21
5.6
None Local Low Not required Partial None Complete
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
42 CVE-2020-35519 125 +Info 2021-05-06 2022-10-06
6.8
None Local Low Not required Complete Partial Complete
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
43 CVE-2020-35499 476 +Info 2021-02-19 2021-02-25
7.2
None Local Low Not required Complete Complete Complete
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.
44 CVE-2020-29569 416 +Info 2020-12-15 2023-01-19
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
45 CVE-2020-28588 681 +Info 2021-05-10 2022-06-07
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
46 CVE-2020-27825 362 DoS +Info 2020-12-11 2022-09-02
5.4
None Local Medium Not required Partial None Complete
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.
47 CVE-2020-27171 193 +Info 2021-03-20 2022-07-30
3.6
None Local Low Not required Partial None Partial
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.
48 CVE-2020-27170 203 +Info 2021-03-20 2022-07-30
1.9
None Local Medium Not required Partial None None
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
49 CVE-2020-16166 330 +Info 2020-07-30 2022-04-26
4.3
None Remote Medium Not required Partial None None
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
50 CVE-2020-10773 +Info 2020-09-10 2021-10-26
2.1
None Local Low Not required Partial None None
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.
Total number of vulnerabilities : 425   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.