Kernel
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Kernel product.
RSS Feeds for Kernel security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Kernel products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Kernel Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Kernel. Kernel did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 3.30 |
| 2023 | 1 | 6.70 |
| 2022 | 3 | 5.50 |
| 2021 | 1 | 5.50 |
| 2020 | 1 | 6.10 |
| 2019 | 0 | 0.00 |
| 2018 | 3 | 0.00 |
It may take a day or so for new Kernel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Kernel Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2024-28085 | Mar 27, 2024 |
util-linux wall (2.40) argv escape seq inject via setgid tty takeoverwall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. |
Util Linux
|
| CVE-2020-21583 | Aug 22, 2023 |
Privileged Escalation in hwclock 2.27 via Path ParamAn issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date. |
Util Linux
|
| CVE-2021-3996 | Aug 23, 2022 |
Unprivileged Users Can Unmount Others' FUSE FS via util-linux libmountA logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. |
Util Linux
|
| CVE-2021-3995 | Aug 23, 2022 |
Unprivileged FUSE Unmtn via libmount Logic ErrA logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. |
Util Linux
|
| CVE-2022-0563 | Feb 21, 2022 |
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline supportA flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. |
Util Linux
|
| CVE-2021-37600 | Jul 30, 2021 |
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a wayAn integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. |
Util Linux
|
| CVE-2020-10751 | May 26, 2020 |
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumedA flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. |
Selinux
|
| CVE-2018-10840 | Jul 16, 2018 |
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() functionLinux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. |
|
| CVE-2016-9604 | Jul 11, 2018 |
It was discovered in the Linux kernel before 4.11-rc8It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. |
|
| CVE-2018-7738 | Mar 07, 2018 |
In util-linux before 2.32-rc1, bash-completion/umountIn util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. |
Util Linux
|