| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2022-41858 | 416 | | +Info | 2023-01-17 | 2023-01-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in the process of detaching in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
| 2 | CVE-2022-40768 | 668 | | +Info | 2022-09-18 | 2022-12-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
| 3 | CVE-2022-33742 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
| 4 | CVE-2022-33741 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
| 5 | CVE-2022-33740 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
| 6 | CVE-2022-26966 | | | +Info | 2022-03-12 | 2022-12-22 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
| 7 | CVE-2022-26365 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
| 8 | CVE-2022-25375 | 668 | | +Info | 2022-02-20 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
| 9 | CVE-2022-3202 | 476 | | +Info | 2022-09-14 | 2022-12-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in the Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
| 10 | CVE-2022-1974 | 416 | | +Info | 2022-08-31 | 2022-09-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
| 11 | CVE-2022-1973 | 416 | | +Info | 2022-08-05 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.
| 12 | CVE-2022-1729 | 362 | | +Priv +Info | 2022-09-01 | 2022-09-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A race condition was found in the Linux kernel in perf_event_open(), which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc.
| 13 | CVE-2022-1671 | 476 | | +Info | 2022-07-26 | 2022-09-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.
| 14 | CVE-2022-1651 | 401 | | DoS +Info | 2022-07-26 | 2022-09-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.
| 15 | CVE-2022-1353 | | | +Priv +Info | 2022-04-29 | 2022-12-14 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
| 16 | CVE-2022-1280 | 416 | | DoS +Info | 2022-04-13 | 2022-04-20 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial |
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) or a kernel information leak.
| 17 | CVE-2022-1016 | 416 | | +Info | 2022-08-29 | 2022-09-08 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
| 18 | CVE-2022-1012 | 401 | | DoS +Info | 2022-08-05 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem.
| 19 | CVE-2022-0850 | | | +Info | 2022-08-29 | 2022-09-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace.
| 20 | CVE-2022-0812 | | | +Info | 2022-08-29 | 2022-09-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
| 21 | CVE-2022-0494 | 200 | | +Info | 2022-03-25 | 2022-10-19 | 4.9 | None | Local | Low | Not required | Complete | None | None |
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
| 22 | CVE-2022-0382 | 909 | | +Info | 2022-02-11 | 2022-12-02 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1.
| 23 | CVE-2021-45486 | 327 | | +Info | 2021-12-25 | 2022-07-25 | 2.7 | None | Local Network | Low | ??? | Partial | None | None |
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
| 24 | CVE-2021-45485 | 327 | | +Info | 2021-12-25 | 2022-07-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
| 25 | CVE-2021-45402 | 668 | | +Info | 2022-02-11 | 2022-02-23 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
| 26 | CVE-2021-45095 | 200 | | +Info | 2021-12-16 | 2022-04-06 | 2.1 | None | Local | Low | Not required | Partial | None | None |
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
| 27 | CVE-2021-35477 | 203 | | Bypass +Info | 2021-08-02 | 2021-11-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
| 28 | CVE-2021-34693 | 909 | | +Info | 2021-06-14 | 2021-09-20 | 2.1 | None | Local | Low | Not required | Partial | None | None |
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
| 29 | CVE-2021-34556 | 203 | | Bypass +Info | 2021-08-02 | 2021-12-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
| 30 | CVE-2021-31916 | 787 | | +Priv +Info | 2021-05-06 | 2022-01-01 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete |
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
| 31 | CVE-2021-29647 | 909 | | +Info | 2021-03-30 | 2022-07-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
| 32 | CVE-2021-29155 | 125 | | +Info | 2021-04-20 | 2022-04-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
| 33 | CVE-2021-21781 | 908 | | +Info | 2021-08-18 | 2022-07-25 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222, 4.19.177, 5.4.99, 5.10.17, 5.11.
| 34 | CVE-2021-20320 | 200 | | +Info | 2022-02-18 | 2022-03-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
| 35 | CVE-2021-20239 | 119 | | Overflow +Info | 2021-05-28 | 2022-08-05 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
| 36 | CVE-2021-4204 | 20 | | +Info | 2022-08-24 | 2022-12-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.
| 37 | CVE-2021-4203 | 362 | | +Info | 2022-03-25 | 2022-12-08 | 4.9 | None | Remote | Medium | ??? | Partial | None | Partial |
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.
| 38 | CVE-2021-3743 | 125 | | +Info | 2022-03-04 | 2022-07-25 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
| 39 | CVE-2021-3739 | 476 | | +Info | 2022-03-10 | 2022-06-01 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
| 40 | CVE-2021-3736 | 401 | | +Info | 2022-08-23 | 2022-08-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.
| 41 | CVE-2021-3506 | 125 | | +Info | 2021-04-19 | 2022-01-21 | 5.6 | None | Local | Low | Not required | Partial | None | Complete |
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
| 42 | CVE-2020-35519 | 125 | | +Info | 2021-05-06 | 2022-10-06 | 6.8 | None | Local | Low | Not required | Complete | Partial | Complete |
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
| 43 | CVE-2020-35499 | 476 | | +Info | 2021-02-19 | 2021-02-25 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if the sco_sock_getsockopt function in net/bluetooth/sco.c does not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DoS) or leak kernel internal information.
| 44 | CVE-2020-29569 | 416 | | +Info | 2020-12-15 | 2023-01-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
| 45 | CVE-2020-28588 | 681 | | +Info | 2021-05-10 | 2022-06-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
| 46 | CVE-2020-27825 | 362 | | DoS +Info | 2020-12-11 | 2022-09-02 | 5.4 | None | Local | Medium | Not required | Partial | None | Complete |
A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel (before 5.10-rc1). A race between trace_open and a resize of the CPU buffer running in parallel on different CPUs may cause a denial of service (DoS). This flaw could even allow a local attacker with special user privilege to cause a kernel information leak.
| 47 | CVE-2020-27171 | 193 | | +Info | 2021-03-20 | 2022-07-30 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.
| 48 | CVE-2020-27170 | 203 | | +Info | 2021-03-20 | 2022-07-30 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
| 49 | CVE-2020-16166 | 330 | | +Info | 2020-07-30 | 2022-04-26 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
| 50 | CVE-2020-10773 | | | +Info | 2020-09-10 | 2021-10-26 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.