Linux
Products by Linux Sorted by Most Security Vulnerabilities since 2018
@Linux_Kernel Tweets
Sun Oct 07 15:49:01 +0000 2012
Mon Oct 01 00:19:02 +0000 2012
Mon Oct 01 00:19:01 +0000 2012
Mon Sep 24 01:49:03 +0000 2012
Mon Sep 24 01:49:02 +0000 2012
By the Year
In 2022 there have been 218 vulnerabilities in Linux with an average score of 6.5 out of ten. Last year Linux had 173 security vulnerabilities published. That is, 45 more vulnerabilities have already been reported in 2022 as compared to last year. Last year, the average CVE base score was greater by 0.07
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 218 | 6.51 |
| 2021 | 173 | 6.58 |
| 2020 | 119 | 6.15 |
| 2019 | 268 | 6.30 |
| 2018 | 145 | 6.27 |
It may take a day or so for new Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Security Vulnerabilities
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking
CVE-2022-3303
4.7 - Medium
- September 27, 2022
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition
Race Condition
off-by-one in io_uring module.
CVE-2022-3103
7.8 - High
- September 26, 2022
off-by-one in io_uring module.
off-by-five
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and
CVE-2022-2785
5.5 - Medium
- September 23, 2022
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c
Out-of-bounds Read
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB
CVE-2022-41222
4.7 - Medium
- September 21, 2022
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
Dangling pointer
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10
CVE-2022-41218
5.5 - Medium
- September 21, 2022
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
Dangling pointer
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards
CVE-2022-3239
7.8 - High
- September 19, 2022
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Dangling pointer
drivers/scsi/stex.c in the Linux kernel through 5.19.9
CVE-2022-40768
5.5 - Medium
- September 18, 2022
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
Exposure of Resource to Wrong Sphere
An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'
CVE-2022-36402
5.5 - Medium
- September 16, 2022
An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Integer Overflow or Wraparound
There exists a use-after-free in io_uring in the Linux kernel
CVE-2022-3176
7.8 - High
- September 16, 2022
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659
Dangling pointer
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62
CVE-2022-40476
5.5 - Medium
- September 14, 2022
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.
NULL Pointer Dereference
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices
CVE-2022-2977
7.8 - High
- September 14, 2022
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
Dangling pointer
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel
CVE-2022-3202
7.1 - High
- September 14, 2022
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
NULL Pointer Dereference
An out-of-bounds access issue was found in the Linux kernel sound subsystem
CVE-2022-3170
7.8 - High
- September 13, 2022
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.
Out-of-bounds Read
A flaw was found in the Linux kernel
CVE-2022-3169
5.5 - Medium
- September 09, 2022
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
Improper Input Validation
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'
CVE-2022-38457
5.5 - Medium
- September 09, 2022
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Dangling pointer
A buffer overflow vulnerability was found in the Linux kernel Intels iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (
CVE-2022-3077
5.5 - Medium
- September 09, 2022
A buffer overflow vulnerability was found in the Linux kernel Intels iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
Classic Buffer Overflow
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map
CVE-2022-2905
5.5 - Medium
- September 09, 2022
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
Out-of-bounds Read
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'
CVE-2022-40133
5.5 - Medium
- September 09, 2022
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Dangling pointer
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'
CVE-2022-38096
5.5 - Medium
- September 09, 2022
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
NULL Pointer Dereference
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'
CVE-2022-36280
5.5 - Medium
- September 09, 2022
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Memory Corruption