Linux

Products by Linux Sorted by Most Security Vulnerabilities since 2018

Linux Kernel: 1294 vulnerabilities

Linux Acrn: 7 vulnerabilities

Linux Tizen: 5 vulnerabilities

Linux Mac80211: 3 vulnerabilities

By the Year

In 2022 there have been 218 vulnerabilities in Linux, with an average score of 6.5 out of ten. Last year Linux had 173 security vulnerabilities published. That is, 45 more vulnerabilities have already been reported in 2022 than last year. Last year, the average CVE base score was higher by 0.07.

Year    Vulnerabilities    Average Score
2022    218                6.51
2021    173                6.58
2020    119                6.15
2019    268                6.30
2018    145                6.27

It may take a day or so for new Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Linux Security Vulnerabilities

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking

CVE-2022-3303 4.7 - Medium - September 27, 2022

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition.

Race Condition

Off-by-one in io_uring module.

CVE-2022-3103 7.8 - High - September 26, 2022

Off-by-one in io_uring module.

off-by-five

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and

CVE-2022-2785 5.5 - Medium - September 23, 2022

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c.

Out-of-bounds Read

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB

CVE-2022-41222 4.7 - Medium - September 21, 2022

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

Dangling pointer

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10

CVE-2022-41218 5.5 - Medium - September 21, 2022

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

Dangling pointer

A use-after-free flaw was found in the Linux kernel video4linux driver in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards

CVE-2022-3239 7.8 - High - September 19, 2022

A use-after-free flaw was found in the Linux kernel video4linux driver in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Dangling pointer

drivers/scsi/stex.c in the Linux kernel through 5.19.9

CVE-2022-40768 5.5 - Medium - September 18, 2022

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Exposure of Resource to Wrong Sphere

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-36402 5.5 - Medium - September 16, 2022

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

Integer Overflow or Wraparound

There exists a use-after-free in io_uring in the Linux kernel

CVE-2022-3176 7.8 - High - September 16, 2022

There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659.

Dangling pointer

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62

CVE-2022-40476 5.5 - Medium - September 14, 2022

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.

NULL Pointer Dereference

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices

CVE-2022-2977 7.8 - High - September 14, 2022

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.

Dangling pointer

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel

CVE-2022-3202 7.1 - High - September 14, 2022

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.

NULL Pointer Dereference

An out-of-bounds access issue was found in the Linux kernel sound subsystem

CVE-2022-3170 7.8 - High - September 13, 2022

An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.

Out-of-bounds Read

A flaw was found in the Linux kernel

CVE-2022-3169 5.5 - Medium - September 09, 2022

A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.

Improper Input Validation

A use-after-free (UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-38457 5.5 - Medium - September 09, 2022

A use-after-free (UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

Dangling pointer

A buffer overflow vulnerability was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (

CVE-2022-3077 5.5 - Medium - September 09, 2022

A buffer overflow vulnerability was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.

Classic Buffer Overflow

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map

CVE-2022-2905 5.5 - Medium - September 09, 2022

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.

Out-of-bounds Read

A use-after-free (UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-40133 5.5 - Medium - September 09, 2022

A use-after-free (UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

Dangling pointer

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-38096 5.5 - Medium - September 09, 2022

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

NULL Pointer Dereference

An out-of-bounds (OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-36280 5.5 - Medium - September 09, 2022

An out-of-bounds (OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).