Linux Linux

Do you want an email whenever new security vulnerabilities are reported in any Linux product?

Products by Linux Sorted by Most Security Vulnerabilities since 2018

Linux Kernel1046 vulnerabilities

Linux Acrn7 vulnerabilities

Linux Tizen5 vulnerabilities

Linux Mac802113 vulnerabilities

@Linux_Kernel Tweets

Linux kernel 3.6.1 ( stable) has been released - http://t.co/vhc5dozz #linux #kernel
Sun Oct 07 15:49:01 +0000 2012

Linux kernel next-20120928 ( linux-next) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Oct 01 00:19:02 +0000 2012

Linux kernel 3.6 ( mainline) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Oct 01 00:19:01 +0000 2012

Linux kernel next-20120921 ( linux-next) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Sep 24 01:49:03 +0000 2012

Linux kernel 3.6-rc7 ( mainline) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Sep 24 01:49:02 +0000 2012

By the Year

In 2022 there have been 4 vulnerabilities in Linux with an average score of 6.6 out of ten. Last year Linux had 172 security vulnerabilities published. Right now, Linux is on track to have less security vulnerabilities in 2022 than it did last year. Last year, the average CVE base score was greater by 0.02

Year Vulnerabilities Average Score
2022 4 6.58
2021 172 6.60
2020 118 6.16
2019 268 6.30
2018 145 6.27

It may take a day or so for new Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Security Vulnerabilities

kernel/bpf/verifier.c in the Linux kernel through 5.15.14

CVE-2022-23222 7.8 - High - January 14, 2022

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

NULL Pointer Dereference

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13

CVE-2021-46283 5.5 - Medium - January 11, 2022

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.

Improper Initialization

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains

CVE-2021-28714 6.5 - Medium - January 06, 2022

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)

Improper Resource Shutdown or Release

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains

CVE-2021-28715 6.5 - Medium - January 06, 2022

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)

Improper Resource Shutdown or Release

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider

CVE-2021-45485 7.5 - High - December 25, 2021

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

Use of a Broken or Risky Cryptographic Algorithm

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak

CVE-2021-45486 5.9 - Medium - December 25, 2021

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

Use of a Broken or Risky Cryptographic Algorithm

An issue was discovered in the Linux kernel before 5.15.11

CVE-2021-45480 5.5 - Medium - December 24, 2021

An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.

Memory Leak

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11

CVE-2021-45469 7.8 - High - December 23, 2021

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

Out-of-bounds Read

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11

CVE-2021-44733 7 - High - December 22, 2021

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

Dangling pointer

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.

CVE-2021-45095 5.5 - Medium - December 16, 2021

pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.

Information Disclosure

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions

CVE-2018-25020 7.8 - High - December 08, 2021

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.

Classic Buffer Overflow

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c

CVE-2021-43975 6.7 - Medium - November 17, 2021

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.

Memory Corruption

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c

CVE-2021-43976 4.6 - Medium - November 17, 2021

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

An issue was discovered in the Linux kernel before 5.14.15

CVE-2021-43389 5.5 - Medium - November 04, 2021

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

Out-of-bounds Read

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (

CVE-2020-27820 4.7 - Medium - November 03, 2021

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).

Dangling pointer

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16

CVE-2021-43267 9.8 - Critical - November 02, 2021

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Improper Input Validation

Insufficient data validation in waitid

CVE-2017-5123 8.8 - High - November 02, 2021

Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.

Improper Input Validation

An issue was discovered in the Linux kernel for powerpc before 5.14.15

CVE-2021-43056 5.5 - Medium - October 28, 2021

An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.

An issue was discovered in the Linux kernel before 5.14.8

CVE-2021-43057 7.8 - High - October 28, 2021

An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.

Dangling pointer

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14

CVE-2021-42327 6.7 - Medium - October 21, 2021

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.